BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Patient data loss forces Trusts to adopt encryption

From: security curmudgeon <jericho () attrition org>
Date: Thu, 30 Apr 2009 15:46:43 +0000 (UTC)

http://www.computing.co.uk/computing/news/2241469/four-nhs-trusts-lose-patient

Patient data loss forces Trusts to adopt encryption
Written by Tom Young
Computing, 30 Apr 2009

Four NHS trusts have agreed to encrypt all portable and mobile after being 
found in breach of the Data Protection Act by the Information 
Commissioner's Office (ICO).

As well as encrypting mobile devices the NHS bodies will ensure a security 
swipe card system is working at all times and implement new security 
systems to ensure patient details can not be downloaded by unauthorised 
personnel.

Mick Gorrill, Assistant Information Commissioner at the ICO, said the 
cases should serve as a stark reminder to all NHS organisations that 
patient information is not always handled with adequate security.

"It is a matter of significant concern to us that in the last six months 
it has been necessary to take regulatory action against 14 NHS 
organisations for data breaches," he said.

"In these latest cases staff members have accessed patient records without 
authorisation and on occasions, have failed to adhere to policies to 
protect such information in transit. There is little point in encrypting a 
portable media device and then attaching the password to it."

Cambridge University Hospital NHS Foundation Trust lost the medical 
treatment details of 741 patients after a member of staff downloaded 
details onto a private memory stick without the trusts's knowledge.

And Central Lancashire Primary Care Trust lost an encrypted memory stick 
containing medical treatment details of 6,360 patient in Her Majesty's 
Prison Preston.

The North West London Hospitals NHS Trust reported the theft of two 
laptops and in a separate incident, the theft of a desktop computer, in 
total containing the details of test results and hospital numbers of 361 
patients.

Hull & East Yorkshire Hospitals NHS Trust reported two incidents resulting 
in the loss and theft of a desktop computer and disused laptop in total 
containing unencrypted medical treatment details of 2,300 patients.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

CREDANT Technologies, a leader in data security, offers advanced data encryption solutions.
Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently 
across your enterprise to ensure regulatory compliance.
http://www.credant.com/stopdataloss
Previous By Date Next
Previous By Thread Next

Current thread: