Network Endpoint Security News - Watch Your End

The National Health Service in the UK has admitted that nine separate regions have suffered individual cases of data loss recently. Up to 168,000 records are though to have been lost by NHS trusts across the country, some containing highly confidential clinical records.

The government confirmed that one of the breaches involved the loss of names and addresses of 160,000 children by City and Hackney Primary Care Trust, after a computer disc failed to arrive at its destination at St Leonards Hospital in east London. A further disc, lost by Gloucester Partnership Foundation Trust, consisted of archive records relating to patients treated 40 years ago - none of whom is still alive.

The latest news of data losses across UK government bodies has led to opposition political parties calling for a planned central NHS database to be scrapped.

Speaking to the BBC, health minister Dawn Primarolo said: “What it is really important to stress is how important patient security and confidentiality is and how each of these trusts is moving to deal with this.”

However, exactly what each trust is doing will remain a concern for British citizens who are becoming increasingly jaded with more and more news about the vulnerability of data held by government agencies.

Her Majesty’s Revenue & Customs in the UK, already under the spotlight for losing details of up to 25 million individuals in the UK, has admitted another data loss. According to sources, it is the seventh such example in the last couple of months.

This time, details of 6,500 customers belonging to a pension firm have been lost at an office of HM Revenue and Customs (HMRC) in Cardiff, Wales. Names, addresses, date of births, national insurance numbers and pension contributions were included on a data cartridge which has been lost.

This follows news earlier this week that another government body, the Driving Standard Agency, lost the details of around three million learner drivers. The data was being held by a private contractor, which reported the loss to the government back in May 2007. Why it took so long for the government to make the data loss public is still unclear.

What is clear is that the 25 million records initially lost by the HMRC is indeed turning out to be the tip of the iceberg. Organizations, both in the public and private sectors, need to urgently address their data security policies and ensure that they are not leaving gaping wide holes open in the security mechanisms by failing to address issues such as removable media devices on the network.

CSOOnline.com has released its top ten security breaches of 2007, which makes for slightly funny, hugely scary reading:

10. Monster.com and its 1.3 million customers

9. Commerce Bank of Wichita and the alleged security breach PR scam

8. Indianapolis Power and Light and 3,000 customer names, social security numbers etc

7. TSA and the case of the missing laptops

6. Shaw’s Supermarket and the social security passwords

5. Swedish Urology Group and the hard drives containing personal information (excuse the pun)

4. The Nature Conservancy and the polluted websites

3. TSA (part II), another 100,000 records lost

2. HM Revenue and Customs, 25 million records ‘in the mail’

1. TJX Maxx. No need to say more…

Get the full low-down on csoonline.com

A new survey released by the IT Compliance Policy Group has pointed to a direct link between an organization’s success at IT and corporate compliance and the number of security breaches they suffer.

According to the research, which looked at 2,000 different companies, those with 10 or more audit deficiencies will have at least 12 data security breaches in the year. Companies with two or fewer compliance deficiencies annually are likely to have two or fewer data losses or thefts in the same time period, according to the report

News emerged yesterday of two separate data losses that will once more leave UK Goverment agencies red-faced. In Northern Ireland, the Driver & Vehicle Agency (DVA) admitted that it had lost 6,000 driver records on two discs being sent to the agency’s headquarters in Swansea. The DVA confessed that the data had not been encrypted and included details of 7,685 vehicles and more than 6,000 vehicle keepers.

The data includes the keeper’s name, address, registration mark of the vehicle, chassis number, make and colour.

In a separate incident Finance Secretary John Swinney will today tell MSPs how a package containing details of 200 people went missing temporarily. The package containing pension benefit statements was lost after being sent from the Scottish Public Pensions Agency to NHS Greater Glasgow on October 26.