Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Further Data Loss Incident Indicates Unacceptable Failures At NHS

Cryptzone : 04 October, 2011  (Technical Article)
Cryptzone comments on the systematic failures of the NHS to protect patient data leading to the latest incident of data being lost from an unencrypted memory stick
Further Data Loss Incident Indicates Unacceptable Failures At NHS
News that East Surrey Hospital has lost the medical details of 800 patients on an unencrypted memory stick is just the latest in a string of NHS data faux pas, says Cryptzone, but that does not lessen its potential impact on the people – and their families – concerned.

According to Grant Taylor, the European IT threat mitigation specialist’s UK VP, ever since David Smith, the Deputy Commissioner with the ICO revealed in April last year that the NHS is responsible for one third of data breaches reported to his office there has a been a steady stream of patient data losses reported in the media, with censures and undertakings signed by the various health trusts involved.

“But has this changed the NHS' strategy on data security? Judging from the stream of NHS data loss reports in the 18 months since the ICO Deputy Commissioner's revelations at Infosecurity Europe 2010, nothing much has changed. This is an utter disgrace,” he said.

“The sad reality is that, with around one in twelve adults employed or involved within the NHS in some way or another, it is perhaps understandable that patient data losses are going to keep on taking place. But that doesn't make them any more acceptable, nor should it detract from NHS IT security professionals' ongoing task to stop incidents like this from taking place,” he added.

Taylor went on to say that, judging from local media reports, the 800 patients' details – which included details of the names, dates of birth and, perhaps more worryingly, details of their operations – were lost in September of last year and have never been recovered.

The Cryptzone VP says that, whilst reports like this are perhaps inevitable, Surrey and Sussex Healthcare NHS Trust has done itself no favours in the way it has dealt with the incident, apparently only choosing to reveal the data loss in its annual 2010/2011 report.

Equally unacceptable, he adds, is the fact that the healthcare trust did not inform the affected patients of the data loss, although, presumably, the ICO's office was informed.

Taylor noted that the other area of concern is that there were reportedly nine other `near misses’, where information was mislaid but found, suggesting, he says, that there is a casual approach to data security within the trust.

“Had this been a private company, rather than an NHS Trust, the organisation would have been publicly censured and a large fine levied under the Data Protection Act. The fact that this is a government agency that has experienced a total of 10 data loss incidents - and one where the data was not recovered – is a highly questionable,” he said.

“All 800 of the affected patients have every right to feel aggrieved, especially if some of their operations were of an embarrassing nature. The way in which Surrey and Sussex Healthcare NHS Trust has made this data loss public, needs thorough investigation. It is human nature to make mistakes, but this incident could have been so easily prevented through better user education and the application of widely available encryption technologies.”
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo