The HSE has confirmed that 15 laptops were stolen from a HSE office in Roscommon on Friday and that the incident was reported to the Gardai. Of the 15 laptops, 13 were encrypted and two of the stolen laptops were password protected, but not encrypted. 

HSE is satisfied that there was no identifying information in relation to patients or clients on one of the non encrypted laptops. The HSE is awaiting the Incident Report about the stolen laptop that was not encrypted and which may or may not contain sensitive information. The HSE expects to receive this Incident Report in the coming days. 

The Data Protection Commissioners Office has been informed and where any clinically sensitive information is confirmed, we will be acting immediately to take the appropriate steps.

The HSE is committed to ensuring the protection of personal and sensitive client data that is held on staff laptops and began the process of encrypting all laptops in September last year. 

At that time HSE communicated with all staff members informing them of their individual responsibility to have the data on their laptops encrypted. A comprehensive encryption programme was undertaken to encrypt all laptops; special clinics and sessions were set up for all staff to have their laptops encrypted.

The HSE has an encryption policy in place which states that each user of the HSE’s IT resources is responsible for:

-         Complying with the terms of this policy and all other relevant HSE policies, procedures, regulations and applicable legislation.

-         Respecting and protecting the privacy and confidentiality of the information they possess at all times.

-         Complying with instructions issued by the ICT Directorate on behalf of the HSE.

-         Reporting all misuse and breaches of this policy to their line manager.

The policy also includes direction that the relevant action is taken regarding failure to comply with the policy.