Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Security Specialist Levels Heavy Criticism At NHS For Latest Data Loss

Venafi : 17 June, 2011  (Technical Article)
Venafi describes the loss of sensitive and personal patient data by the UK's National Health Service as being completely avoidable and the result of incompetence

News that the medical records of 8.63 million patients - including details of abortions, HIV infections, cancer and mental illness treatments - have been lost after an NHS laptop went missing in late May has been met with consternation from Venafi, the data security specialist.


According to reports, the apparent theft of the unencrypted laptop from a London NHS building is potentially the biggest data loss incident in the history of the NHS.


This laptop was apparently one of 20 which were ‘lost’ from a store room at London Health Programmes - a medical research facility.  According to Jeff Hudson, CEO of Venafi, the loss of the data, the health records, was 100% avoidable. “People will lose or have stolen from them physical items like laptops, that is unavoidable. What is completely avoidable is losing the health records. If they were encrypted, then they would not be readable by the theif or whoever they end up with.” I find it breathtaking, and maddening that the NHS did not encrypt the data on the laptops. It is easy to do, there is excellent technology in place to do it, and if it had been done then 8.63 million people would be feeling completely differently today because their most private information would not be floating around in plain sight." he said.


"With the offending laptop reportedly also containing records of around 18 million hospital visits, operations and patient procedures, this is a very avoidable and  serious data loss indeed and likely violates data protection regulations and patient privacy mandates" he added.


Venafi's CEO noted that when David Smith, the Deputy Information Commissioner spoke at the Infosecurity Europe 2010 show just over a year ago, he revealed that the NHS was responsible for one third of all the data breaches his office had investigated.


Hudson said: “These aren’t someone's credit card details - which can be locked down by a bank and simply reissued. It's more than eight million people's' medical records, many of whom will be devastated to find that their most intimate personal details and health histories are potentially up for grabs in the criminal community.”


Hudson said: “News of the magnitude and severity of this loss of citizen’s personal medical information makes me sad and mad.  In general those responsible for these kinds of data loss are either incompetent or uneducated about how to avoid these situations.  Data must be encrypted at all times, when it is stored, or being moved it must be encrypted.  If it is encrypted, then it can’t be lost as it was in this case.  The question that must be answered by the NHS is why was this not encrypted and what best practices are being implemented to make sure that going forward all data will always be encrypted?”

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo