HSE 'rocked' by security breach on 1, 500 patient records

[Christine Fulgham <christine () opensecurityfoundation org>]

http://www.independent.ie/business/irish/hse-rocked-by-security-breach-on-1500-patient-records-2382983.html


Hundreds of patient records were seriously compromised by a major security
breach at the HSE, the Sunday Independent has learned.

The 1,500 sensitive health records were removed from a Dublin office and
emailed to an outside organisation.

A private IT contractor, who was being overseen by a HSE staff member,
downloaded the records on to an unencrypted USB key -- something that is
absolutely forbidden in the HSE's own protocols.

The contractor took the private health records home to work on overnight --
again a serious breach of the health authority's procedures.

Intending to email the records on the memory stick back to the HSE, the
contractor mistyped the address and instead accidentally emailed them to
another State body.

The security breach was only discovered when the public body involved
alerted the HSE.

This serious compromise of client records "has rocked the HSE", a source
told this paper.

The internal investigation into it has involved several senior HSE figures
and is being considered a "major wake-up call" for the data leak-prone
authority.

The patients involved this time have not been informed that their private
information has been jeopardised.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/