A laptop, BlackBerry phone and data disc were taken from the home of a senior medical officer in the public health medicine division on Wednesday last week but details of thetheft only became public on Monday when affected personnel were notified.

While the laptop requires a password to be entered before it can be activated, if a user gains access to it, they could read the information stored on it as this data was not encrypted.

Among the data is personal information relating to 1,150 healthcare workers who took part in a HSE survey on the provision of the flu vaccine in the autumn last year.

A HSE statement said: “An electronic copy of the consent form that was signed by the healthcare workers involved was contained on thestolen disk. The forms contain routine information similar to that requested from recipients of other vaccines — name, address, date of birth, contact telephone number, GP name and data relating to occupation.”

The survey was carried out in an attempt to increase the numbers of healthcare workers availing of the vaccine and minimise the risk of personnel passing the flu on to vulnerable patients.

According to the HSE, the BlackBerry account was cancelled immediately so any data on it can not be accessed. However, it said inquiries were under way about the information on the laptop.

“The HSE is satisfied that the majority of this information is non patient/client specific and where any clinically sensitive information is confirmed, we will be acting immediately to take appropriate steps,” it said.

GardaĆ­ and the Data Protection Commission have been informed of the theft.

An encryption programme for laptops and handheld devices began at the HSE last year but is still not finished. The HSE said it was now prioritising all devices that contain personal and medically sensitive data and would have all devices encrypted by the end of this month.

However, Colm Murphy, technical director with information security consultants Espion, said encryption should be the last line of defence for organisations handling sensitive data. He said staff needed to be more vigilant about how they store equipment.

Deputy data protection commissioner Gary Davis told Newstalk radio: “Our concern is how this type of information, revealing health information, came to be in somebody’s house in an unencrypted format.”