January 28, 2008
Buckinghamshire Hospitals NHS Trust has suspended some methods of sending data after admitting the details of patients and staff had been copied to removable media such as CDs without encryption. The security clampdown comes after the trust reviewed more than 30 bulk transfers (50 records or more) of data.
The trust acknowledges in a report that “there is no single security measure that can be adopted to ensure that adequate control is assured”.
January 25, 2008
One of our visitors has alerted us to a brilliant example of how the healthcare industry is failing to understand and address the risks associated with data loss on removable media devices.
The UK’s ‘Health Service Journal’ is offering all subscribers a free 1GB USB flash drive - so they can access exclusive content from the magazine. We guess no-one at the magazine heard about the recent data loss incidents in Oldham, Stockport and Manchester?
At a time when uncontrolled removable media devices (such as USB sticks and CDs) present some of the most serious dangers to patient confidentiality, the offer from the magazine seems ill-timed at best and downright irresponsible at worst.
And just in case you think it really is too silly to be true, click here.
As our visitor commented: “Am I the only Information Security Manager who feels he’s swimming against the tide here?”
No Terry, we share your pain…
Research from a London security consultancy has found that 30 percent of all security breaches originate from inside the IT department. The research also identified removable media devices and mobile devices as two of the top four vehicles for data leaks.
Customer Services departments were the second worst culprits for creating data breaches. Every organization that took part in the research suffered multiple instances of data breaches, sometimes potentially very costly and damaging. Information copied from the corporate network included HR files, pricing information, contracts and product details.
More on Forbes.com
January 24, 2008
The Ministry of Justice in the UK has confirmed media reports that four discs containing court materials have disappeared. The discs contained personal information on victims and witnesses, the MoJ admitted.
According to a statement from HM Inspectorate of Court Administration: “They were sent recorded delivery. Ministers and the information commissioner were notified immediately it was recognised that personal data had been lost.”
UK newspaper The Daily Mail reported that the discs also contained details on at least 55 defendants and other data not normally released in open court.
A student in Greater Manchester, UK, has reportedly found a USB stick containing sensitive medical and personal details of over 340 NHS patients. Acting on curiosity, she connected the USB disk to her PC to find that the data was accessible and unencrypted.
The names, addresses, dates of birth, home and mobile phone numbers and conditions of more than 340 patients were on the device. Most of the patients listed have diabetes and were part of a trial in preparation for a scheme providing eye tests for more than 10,000 people across Greater Manchester. The data stick contained encryption software but this had not been activated, allowing anyone to access the information.