Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Hospital Breaches Data Security Regulations With Unencrypted Data Loss

CyberArk Software : 26 August, 2010  (Technical Article)
Cyber-Ark comments on the unacceptability of transferring data using unencrypted removable media when secure data transfer technology is so readily and widely available
The Information Commissioner's Office (ICO) has found Royal Wolverhampton Hospitals NHS Trust in breach of the Data Protection Act (DPA) after it lost a CD, containing over 100 patient records, from the Intensive Care Unit of New Cross Hospital's Heart and Lung Unit. The CD, which was unencrypted and had no password protection, was found at a bus stop close to the hospital.

Mark Fullbrook, UK and Ireland director at Privileged Identity Management (PIM) and information security expert, Cyber-Ark, has made the following comments:

"With the ICO yet to use its powers to issue heavy fines to organisations in breach of the DPA, the Royal Wolverhampton Hospitals NHS Trust should count itself very lucky.

"What's particularly disappointing in this case is that, with so many better-enabled devices and means of storing information, should this highly sensitive information have really been held and transported by CD? The Trust couldn't even explain how and why an unprotected CD with patient records was produced in the first place.

"It's quite clear that better controls and policies need to be enforced here. If data needs to be moved, then technology, such as some form of Governed File Transfer solution - which brings together strong encryption, authentication and monitoring, whilst ensuring data arrives on time - must be deployed in order to prevent such incidents in future."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo