Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Unencrypted Flash Drive Leads To NHS Data Loss

CyberArk Software : 04 October, 2011  (Technical Article)
Cyber-Ark comments on data breach at East Surrey Hospital in the UK after incident involving confidential data being stored on unencrypted removable storage device
Unencrypted Flash Drive Leads To NHS Data Loss
A report from the Surrey and Sussex Healthcare NHS Trust has revealed that East Surrey Hospital lost the details of 800 patients in September 2010 but failed to notify any of the affected patients*. The Trust’s 2010/2011 annual report stated that the lost information had been held on an unencrypted memory stick, and included the names, dates of births and operation details of each patient.  The report also revealed a further nine “near misses” whereby information was lost but later recovered.

Nick Lowe, VP of Sales EMEA at Privileged Identity Management expert Cyber-Ark, has said the following: “It’s a worrying situation when it is no longer surprising to see an NHS data breach with a lost, unencrypted USB stick at the heart of it.  Such devices – which have proven to be consistently vulnerable to loss, theft and poor security practices – must be retired.  Technology has moved on, and so should organisations looking to transfer information securely.  Only by using modern Secure File Transfer solutions can organisations be sure that their data is protected at all times, and only accessible by the intended recipient.

“It’s also hugely disappointing to see that the Surrey and Sussex Healthcare Trust failed to notify the individuals affected by the data breach.  The Trust has an obligation to protect the personal information of those in its care properly, however, revelations of the poor data security and failure to notify, indicate that there are some serious flaws in its current approach.

“It’s unclear just how many more of these incidents are needed before lessons are learned and changes made, but this data breach, along with the nine “near misses” mentioned in the report, will do little to inspire public faith in the NHS.”
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo