Tag Archives: NHS

Data loss prevention inadequate, says expert

Data security expert Tony Dyhouse has called for public and private sector organisations to radically change the way in which they deal with data protection and backup. Writing for V3.co.uk Mr Dyhouse proposed that the creation of a culture of constant data security can be the only solution to the continual stream of data loss incidents.

The embarrassment and the damage caused by data theft and loss has weakened public trust in a whole host of organisations in recent months, with thefts from within St Albans City Council and a pair of NHS premises cited by Mr Dyhouse as symptomatic of the wider problem.

Mr Dyhouse said that the main problem is not occurring at the level at which most IT managers typically focus their attention; namely the security and encryption of networks and data storage systems themselves. Rather, it is rather simplest steps that are overlooked, allowing data to leak through channels that should be plugged.

In his article Mr Dyhouse suggests that the main reason for data security being demonstrably inadequate in many businesses is that there is simply not enough being done to reinforce the importance of proper protection and storage techniques with the relevant people in these organisations.

The argument extends beyond the protection of data alone, with Mr Dyhouse adding that if data is stored on a single hard drive rather than remotely on a unified server system, there is no way of knowing whether adequate backup and updates are taking place. With private information relating to millions of customers handled by certain organisations, the policies that those in charge implement in order to keep the data safe are seen to be disproportionate to the size of the risk which is posed by loss or theft.

The Information Commissioner’s Office (ICO) outlines the key strategies that businesses and public organisations are encouraged to employ in order to ensure that they are able to adequately address the threats that face their data. However, Mr Dyhouse believes that in a majority of cases these are being ignored.

The proposed solution can only be effective if proper data security and backup practices are made a mandatory part of daily life, with contingencies in place to deal with any event may breach the established rules.

Emergency services suffer data theft

Incidences of data loss and theft from publicly funded bodies seem to be occurring on a weekly basis as last week the NHS was once again the target of cyber criminals. The Scottish Ambulance Service admitted that it had been the most recent victim after a laptop was stolen from its headquarters.

According to official sources, the laptop contained personal information relating to over 600 patients, although at this time there are no specific details concerning the nature of the data. Continue reading

Yet another data breach from the NHS

It seems like every week without fail a high profile Public Sector organisation has some kind of serious data breach.

The Press Association has today reported:

“A health board has been rapped by data protection chiefs over two incidents in which patients’ medical records were lost. An unencrypted USB memory stick containing details of 137 patients was lost last June.”

The Information Commissioner’s Office (ICO) ruled that the data loss meant NHS Lothian breached the Data Protection Act.

It has got tot he point where it is getting frustrating writing in our blog about the continual data†leaks and breaches from the NHS. It seems like it is accepted that in such a large organisation that these things will happen, but sooner or later someone needs to take control of the issue and introduce nationwide policies and directives to stop this happening in future.

It raises the question, why were the details of 137 patients placed on a memory stick in the first place, and following that why are the memory sticks not encrypted?

Back in May we reported that four NHS Trusts had agreed to adopt encryption after being found in breach of the Data Protection Act by the Information Commissionerís Office (ICO).

Back then Cambridge University Hospital NHS Foundation Trust lost the medical treatment details of 741 patients, Central Lancashire Primary Care Trust lost medical treatment details of 6,360 patients in Her Majestyís Prison Preston and Hull & East Yorkshire Hospitals NHS Trust reported the loss of medical treatment details of 2,300 patients.

In a private company such embarrassing incidents would normally lead to a wholesale review of procedures so why should the NHS be any different?

With the advances in technology it is becoming easier and easier to prevent such data losses, to start with it is possible to prevent staff from transferring data onto USB sticks. If it is necessary to use USB devices then it is straight forward to ensure that the data is fully encrypted.

We will continue to report on each breach that occurs in the hope that enough awareness is raised for someone within the NHS to take the necessary action to prevent future data loss of the public’s medical records.

Manchester Council made to sit in the naughty corner after latest data breach

Manchester Council are the latest public body to fall victim to poor data protection, after two unencrypted laptops containing personal information on teachers and employees at local Manchester schools where stolen from Manchester City Hall. The ICO has forced the council to sign a promise step up their data protection policies in the future ensuring that all laptops and removable devices are encrypted.

This is just the latest occurrence of security breaches, with ICO figures showing 140 cases within the NHS and other health bodies, 53 involving the government, 60 by local authorities, 72 within quangos and 161 within the private sector.

With new technologies for encrypting and deleting data from mobile devices becoming more widely available there are no longer any excuses for sensitive data falling into the wrong hands, even when a laptop, PDA or mobile phone is stolen. It goes without saying that in addition to encryption and data deletion services if you haven’t got secure offsite backup then there is also going to be a significant disruption whilst you try to piece back together any lost data.

By implementating an online backup solution, Backup Technology could have restored the files within hours of the laptop being stolen, through secure encrypted channels.

English NHS trust rapped over data loss

Over the duration of one month, the Information Commissionerís Office has taken enforcement action on the third English NHS trust over data loss.

Brent Teaching Primary Care Trust has been reprimanded over the loss of 2 laptops that contained personal information of about 389 patients. The increase in data loss and the handling of sensitive data by the NHS using unencrypted devices is a growing concern for the Information Commissioner Office (ICO).

The two laptops were kept on the desk of a locked office, which is in breach of the security procedures followed by the Brent Teaching Primary Care Trust. Furthermore, the laptops contained sensitive information that was not encrypted.

According to the assistant Information Commissioner, Mick Gorrill, the ICO is concerned over the loss of data such as patientís personal information and the way that some NHS organisations are transferring sensitive data onto unencrypted laptops and other mobile devices.

Following the data loss, Brent Teaching Primary Care Trust has been required to sign an understanding that outlines that they will process personal data according with the Data Protection Act.

Last year, NHS Tayside and NHS Lanarkshire, were asked to comply with the Data Protection Act by signing an agreement.

To prevent such incidents of data loss and misuse of confidential personal information, it is best to have an online data backup provider that is secure and protected.

Patient data lost by two NHS trusts

Over the last couple of years, there have been several major data loss incidents. Data loss is a problem that is faced by many individuals, businesses and organisations worldwide.

Recently, two NHS trusts have suffered data loss. In one of the cases, a laptop that was carrying unencrypted data of about 5,000 patients was stolen from the premises of Abertawe Bro Morgannwg University trust, in South Wales.

According to the Information Commissioner’s Office, the computer was stolen by an opportunistic thief when the office was left unlocked. To improve the security of data in the near future, an agreement was signed by the trust to encrypt the data.

In another case, a memory stick that contained unencrypted personal information about staff and patients was lost by the Tees, Esk and Wear Valleys foundation trust.

After these incidents, the organisation has decided to use encryption techniques to safeguard valuable information. An online data backup service can prove to be extremely beneficial at such times. With the special encryption technique that it uses, one can be assured about security of data.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal