Credant says latest NHS laptop loss highlights need to protect data on portable elements of integrated IT systems

Dallas, (PresseBox) - Reports that Huddersfield health officials have launched a high-level enquiry after a laptop containing 1,500 patient records was stolen, has been met with incredulity by Credant Technologies.

According to Sean Glynn, the endpoint data protection specialist's vice president, unlike most NHS laptop thefts, the notebook was not used as a portable and/or standalone device, but apparently formed an integral part of Calderdale Royal Hospital's electromyography scanning system.

"This probably means that the health trust didn't apply its usual risk management procedures to the device, since it ostensibly formed part of the EMG patient scanning system. The data on the system should, however, have been encrypted, if only to prevent prying eyes looking at the patient records, especially since this was a scanner looking for a potentially serious clinical condition," he said.

"What the case highlights is the fact that patient data within the NHS needs to be protected at all times, preferably using encryption, but also, where the IT system has components - such as a laptop in this case - much higher levels of security clearly need to be employed," he added.

And, he went on to say, since the EMG scanner was located in a public place, namely a hospital, with members of the public wandering in and out, the laptop should have been both physically and electronically secured, to prevent theft.

This, says the Credant vice president, clearly didn't happen, meaning that that the trust's patient data and IT security policies were broken on several fronts.

"It's no wonder that the local press in Huddersfield is reporting that the health trust has launched a full investigation. This wasn't a routine case of a laptop being stolen due to a member of staff's carelessness," he said.

"Managers should have performed a full risk analysis, and defended both the scanner's portable component - in this case a valuable laptop - and even more importantly, the confidential patient data it contained. This is a serious lapse of NHS security policies," he added.

Glynn noted that Credant's summer 2010 research into portable data security threats - and which took in the views of 277 IT security professionals - showed that laptop and other portable data-carrying devices are the security equivalent of a ticking time bomb.

"With 11 per cent of respondents to that survey having experienced a data breach early last year, it's clearly a case of not if, but when, a laptop is likely to be stolen in a public-facing environment," he said.

"The fact that the laptop was probably classed as a medical scanner component, rather than a portable device, did not matter a jot to the thief. A laptop is a laptop, and laptops can - and do - go walkabout with annoying frequency," he added.

For more on the Huddersfield NHS laptop fiasco:

Press releases you might also be interested in

Weitere Informationen zum Thema "Sicherheit":

Risiken und Probleme bei der Datenschutzfolgenabschätzung

Die Da­ten­schutz-Grund­ver­ord­nung (DSG­VO) for­dert ge­ne­rell ei­nen ri­si­ko­ba­sier­ten An­satz bei der Wahl der Schutz­maß­nah­men. In be­stimm­ten Fäl­len muss zu­dem ei­ne Da­ten­schutz­fol­gen­ab­schät­zung durch­ge­führt wer­den. Oh­ne Vor­be­rei­tung wer­den Un­ter­neh­men da­zu aber nicht in der La­ge sein, ein gan­zer Pro­zess muss ge­plant und auf­ge­setzt wer­den.


Subscribe for news

The subscribtion service of the PresseBox informs you about press information of a certain topic by your choice at a choosen time. Please enter your email address to receive the email with the press releases.

An error occurred!

Thank you! You will receive a confirmation email within a few minutes.

I want to subscribe to the gratis press mail and have read and accepted the conditions.