Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

NHS records 'could be hacked'

From: InfoSec News <isn () C4I ORG>
Date: Mon, 26 Mar 2001 20:55:40 -0600
http://news.bbc.co.uk/hi/english/uk/scotland/newsid_1241000/1241402.stm

Sunday, 25 March, 2001

Doctors in Scotland are calling for security guarantees over plans to
put patients' health records on an NHS intranet system.  Critics of
the plan claim that computer hackers could gain access to highly
confidential information if the scheme went ahead.

The Scottish Executive said it would not introduce the system until it
was convinced it was "totally secure".

Scotland will be the first part of Britain to take part in the
experiment which will be used by doctors, pharmacists and patients
themselves.

Scottish Health Minister Susan Deacon plans to phase in the system by
2003, which could also lead to patients carrying their health records
on a "smart card".

The records will be held on NHSnet, the secure internet system used by
health staff, but its security has been questioned.

Dr Kenneth Harden, chair of the Scottish GP committee of the British
Medical Association, told the Mail on Sunday newspaper that doctors
would not hand over the records unless their security could be
guaranteed and patients had given their consent.

Dr Harden also said that there were "major concerns" that information
relating to a patient's sexual history or treatment for mental illness
could become public property.

Scottish Tory health spokeswoman Mary Scanlon also questioned the
scheme.

She said: "This is, in general, a good idea, but the implementation
has to be right.

"There is nothing about the record of the NHS in Scotland in
introducing computer systems which fills me with confidence and one
only has to look at scandals in the past, such as the failings of the
various screening programmes, as proof.

"These documents are documents that most of us want to remain totally
private."

Internet expert Mark Shaw said that the information would become a
target for "hackers and crackers".

Totally secure

There have been a number of high profile hacking cases in recent years
with Barclays bank and the Pentagon among the victims.

However, a spokesman for the Scottish Executive said that the system
would not be introduced unless they were confident that it was secure.

He said: "We have a commitment to develop electronic health records
but there is no suggestion at all that we will be putting them on the
internet.

"The records will be electronic so that those authorised can gain
access when they need to.

"Absolutely nothing would be done unless we were convinced that it was
totally secure."

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Previous By Date Next
Previous By Thread Next

Current thread: