
Windows password insufficient protection for stolen NHS laptop

CyberArk Software : 27 April, 2009  (Technical Article)
The use of a login password by NHS Grampian to protect data on a laptop was insufficient to prevent the data from being stolen
Cyber-Ark says that the theft of a laptop from Aberdeen Royal Infirmary recently, which contained the details of more than 1,300 patients, could have been avoided.

'This incident, involving a laptop stolen from a locked office, smacks of poor security policies at the NHS authority,' said Mark Fulbrook, Cyber-Ark's UK and Ireland director.

'Granted, the laptop was protected using a standard Windows password, but this level of security can easily be circumvented by an IT professional. You have to question why the data was stored on an unencrypted basis on the computer in the first place,' he added.

According to Fulbrook, patient data of this type should never have been stored on a portable computing device, but stored instead on a computer server in encrypted format, accessible to laptop users on a remote - and encrypted - VPN basis.

Using this approach, with the master passwords accessible only to a few senior officers through data vaulting, would mean that access to the patient data was available on a fully audit-logged and authenticated basis.

The fact that data was on patients with an inflammatory bowel problem, he went on to say, is all the more embarrassing for the patients concerned, who will now be worried about their friends and colleagues discovering their unfortunate problem.

Having medical problems revealed, he explained, is potentially much more embarrassing than having almost any other issue made public, and the fact that these types of diseases are often made worse by stress is really bad news for the patients concerned.

'Not only will the patients affected by this laptop theft be worried about their data being made public, but the worry of the situation could actually make their problems worse,' he said.

'The fact that the problem was totally avoidable makes this data loss situation a lose-lose event for all concerned,' he added.