Posted on October 4, 2011 by Nick Lowe
A report from the Surrey and Sussex Healthcare NHS Trust in the UK has revealed that East Surrey Hospital lost the details of 800 patients in September 2010 but failed to notify any of the affected patients*. The Trust’s 2010/2011 annual report stated that the lost information had been held on an unencrypted memory stick, and included the names, dates of birth and operation details of each patient. The report also revealed a further nine “near misses” whereby information was lost but later recovered.
It’s a worrying situation when it is no longer surprising to see an NHS data breach with a lost, unencrypted USB stick at the heart of it. Such devices – which have proven to be consistently vulnerable to loss, theft and poor security practices – must be retired. Technology has moved on, and so should organisations looking to transfer information securely. Only by using modern Secure File Transfer solutions can organisations be sure that their data is protected at all times, and only accessible by the intended recipient.
It’s also hugely disappointing to see that the Surrey and Sussex Healthcare Trust failed to notify the individuals affected by the data breach. The Trust has an obligation to protect the personal information of those in its care properly. However, the revelations of poor data security and the failure to notify indicate that there are some serious flaws in its current approach.
It’s unclear just how many more of these incidents are needed before lessons are learned and changes made, but this data breach, along with the nine “near misses” mentioned in the report, will do little to inspire public faith in the NHS.
Copyright 2013 Cyber-Ark Software - All Rights Reserved