Infosecurity Europe: NHS mobile and laptop thefts rise by one third
A new report from the Parliament Street think tank, published on the final day of Infosecurity Europe has revealed a sharp rise of laptops and mobile phones in NHS hospitals, raising fresh fears around data security
The National Health Service (NHS) has reported almost 1,300 electronic devices missing over the last three calendar years, according to new research from leading think tank Parliament Street. The findings are contained in a new report, entitled ‘NHS Data Security: Device Loss’ which examines the numbers of the lost or stolen devices reported within NHS hospitals, looking specifically at tablet computers, mobile phones and laptops.
Researchers discovered that overall, 1,283 devices have been reported missing by 58 NHS hospitals since 2016.
In 2016, the overall figure of lost devices was 383, slightly increasing to 389 in 2017, and jumping to a staggering 511 by 2018 – an overall increase of 33 per cent across the three years. The data was obtained under Freedom of Information (FOI) legislation, the data included losses reported by both staff and patients on-site at the respective hospitals.
Mobile phones were the most popular device reported missing over all three years – with 284 in 2016, rising to 309 in 2017 and then 366 in 2018; an overall increase of 29 per cent. However, the device which saw the largest percentile increase of loss or theft was laptops, with 55 reported missing in 2016, rising to 81 in 2018 – an increase of 47 per cent.
The NHS Trust with the most recorded devices lost or stolen over the last three years is Eastbourne District General Hospital, which has lost a total of 110 devices since 2016. The second and third highest number of missing devices were Bradford Teaching Hospital and Salisbury NHS Foundation Trust, which saw 96 and 81 reports of lost or stolen devices respectively. However, some hospitals which responded to our request disclosed that they had no devices lost or stolen in the last three full years. These were James Paget University Hospital and Liverpool Heart and Chest Hospital. The report also observed some more detailed notes which were pertinent to the lost devices request.
Kings College Hospital confirmed that in 2016 they had reports of two breast pumps being stolen and a microwave. University Hospital Southampton informed us that in 2016, a patient managed to steal a ward TV by vomiting on the floor to distract a registered mental health nurse. He then requested privacy and put the TV in his bag. The nurse then helped him carry his bags to the taxi rank, he reported that they felt quite heavy but didn’t think anything of it at the time.
Andy Heather, VP, Centrify said, “Rising thefts of critical mobiles and laptops could pose serious cybersecurity risks to NHS hospitals. Increasingly we’re seeing hackers and fraudsters targeting accredited devices and using legitimate log-in details to gain access to confidential data and private records without raising suspicion."
Heather continued, "Tackling this problem means adopting a zero-trust approach to all user-accounts, ensuring every employee who tries to access critical information is screened with the necessary password, location and authentication procedures to ensure they are who they say they are.”
We are wholly dependent on the kindness of our readers for our continued work. We thank you in advance for any support you can offer.