Industry Research : Cryptzone Highlights Need for NHS Data Protection
Commenting on reports that the South London healthcare trust has admitted to losing two unencrypted USB sticks containing the medical details of around 630 adults and children, Cryptzone says that this comes almost two years after the deputy Information Commissioner gave an Infosecurity Show keynote in which he revealed that a third of the 30 major data breaches the ICO handles each month involve the NHS in one shape or another.
2018 Top Ranking Performers Present:
Grant Taylor, UK Vice President of the European IT threat mitigation specialist, says that this latest NHS data faux pas shows that we are almost certainly no further along in the healthcare security space from where we were two years ago. "What saddens me most of all that is that some of the data that went walkabout as a result of these USB sticks being unencrypted involved the records of children - as well as maternity patients. These are precisely the members of society whose interests we should be looking out for, as the kids almost certainly cannot look out for their own data," he said.???"I think it also speaks volumes that the data breaches took place in separate incidents, the first of which involved patient’s information being downloaded to an employee’s home computer and then saved to a USB stick, which is a clear breach of policy on several fronts," he added. The Cryptzone Vice President went on to say that the second incident apparently involved the names and dates of birth of 30 kids - as well as the audiology reports of three more children.
As the ICO says, he noted, in both cases the data was put at unnecessary risk and, of course, in the first incident, it was claimed that the member of staff had not received up-to-date governance training. But it is incidents like these, says Taylor, that show why the use of technology as a means of enforcing data encryption and protection are so very necessary.???The latest figures show that the NHS employs around 2.8 per cent of the adult population in England - and because it is simply not feasible to expect every single employee to buy into the reasoning why patient data needs to be protected, it is important that patient data is encrypted at its source – and then highly controlled access to that data only being granted on a record-by-record basis. Using this methodology, he says, would allow an endpoint access control system to be used and one that changes the levels of security – and enforcement to back up that security technology – depending on whether the data was, for example, being accessed on a local or remote basis.
CONTACT CENTER & CUSTOMER ENGAGEMENT
BERLIN - ORLANDO - MACAO
FIND OUT MORE!
"Coupled with suitable training and ensuring staff really understand what is both right and wrong when it comes to handling patient information, this approach would allow clinical, nursing and administrative staff within an NHS environment access to patient information when they need it, but block access – such as when a member of staff tries to download the data from home – in inappropriate circumstances," he said. "The important take-out from these latest NHS data loss incidents is that, even if health care staff have had a particularly taxing day, the deployment of truly effective encryption and security technology – allied with suitable awareness training - would have gone a long way towards helping to prevent this situation from happening in the first place," he added.
"These two incidents – when taken against the ongoing backdrop of a constant stream of NHS data losses and breaches – also show why the government needs to appoint an NHS data protection czar, with the specific aim of liasing with the ICO and helping the many NHS trusts get a better grip on their levels of data encryption and protection," he added.
2018 Top Ranking Performers Present:
Today's Tip of the Day - The 3 L’s
More Editorial From NHS
Published: Wednesday, May 2, 2012
Genesys® powers 25 billion of the world’s best customer experiences each year. Our success comes from connecting employee and customer conversations on any channel, every day. Over 10,000 companies in...
Five9 is a provider of cloud software for the enterprise contact center market, bringing the power of the cloud to thousands of customers and facilitating approximately three billion customer interact...
Semafone provides secure voice transactions for contact centres and retailers taking Cardholder Not Present (CNP) payments. The solution allows a call - and the call recording - to continue as normal ...
Noble Systems Corporation is a global provider of contact center, workforce engagement, and analytics technologies, offering premise, cloud, and hybrid platforms. Noble Systems has been providing inno...