Incidences of data loss and theft from publicly funded bodies seem to be occurring on a weekly basis as last week the NHS was once again the target of cyber criminals. The Scottish Ambulance Service admitted that it had been the most recent victim after a laptop was stolen from its headquarters.
According to official sources, the laptop contained personal information relating to over 600 patients, although at this time there are no specific details concerning the nature of the data.
The stolen laptop is said to have data stored in an unencrypted form, with a password the sole barrier protecting the information against malicious external parties.
A spokesperson for the Scottish Ambulance Service told the press that the stolen laptop was one of only 12 unencrypted devices in use at the organisation. In total there are 218 laptops, the majority of which the organisation has protected using data encryption as part of an ongoing data protection drive.
Despite official claims that the state of data protection within the health service is improving, there are still sceptics within the industry who do not believe that the current schemes are doing enough to ensure the security of personal patient records.
Encryption expert Chris McIntosh responded to the news of the latest data theft on behalf of the private companies who are often charged with protecting public institutions. Mr McIntosh stated that despite the best efforts of organisations, there was always the risk of data leaking or being actively targeted by criminals.
Mr McIntosh criticised the fact that the stolen laptop lacked proper encryption and also made it clear that password protection was a paltry level of security when the abilities of today’s data criminals were applied to a stolen item.
Figures show that over the last two years nearly a third of all data theft incidents have been levelled against the NHS and experts are mystified by the apparently sluggish response of the organisation in the face of persistent threats to the personal information of patients.
Although the Scottish Ambulance Service is aware of the specific group of people affected by the recent data theft, the victims have yet to be notified. A full police investigation is ensuing.