Three health trusts in the UK have had 30 data breaches in the past two years, according to reports. According to the BBC, Devon Primary Care Trust, Derriford Hospital, and Torbay Primary Care Trust have reported that they’ve had 30 breaches in total.
Yes, you read those numbers correctly – three organizations and thirty breaches.
The lost information included patient data which may have included NHS numbers, names, medical conditions, and other information, depending on the breach. The losses included laptop thefts and the theft or loss of memory sticks with sensitive data. In no cases were any of the devices protected with hard drive encryption software which could have easily eliminated any instances of a data breach from occurring.
Rest easy, They’ve Learned Their Security Lesson
According to the BBC, “all the health trusts which lost data said they had learned from the cases.” Of course, one has to ask why it took 30 breaches to then create an environment that looked for solutions! But the claim is that now all data is stored on secure servers and all staff have been issued with encrypted memory sticks and associated training. Plus each trust now has an official whose job was make sure information is secure.
A Trust spokesman was unable to say exactly when the theft occurred and if patients were told at the time, but in a prepared statement pointed out that at least some of the laptops had password protection. However, unlike encryption, password protection can be breached in many ways.
Hospital Laptop Safety
As our recent article Data Loss is the Other Guy’s Problem pointed out, hospital are at high risk for data loss. Yet, they remain slow to adapt and slow to realize that services like Alertsec with hard disk encryption that are so affordable as easy to manage. I just did a Google search on “hospital data breaches” to quickly find reports like:
- Georgia hospital health data breach due to outsourcing error
- Indianapolis Hospital Data Breach Affects 51,000 Patients
- Westerly Hospital data breach affects 2000
- Thousands of patients at a Kern County health clinic have been warned their personal information could have been stolen
These losses tie to the fact that “Health care is a treasure trove of personally identifiable information,” says Don Jackson, a researcher at security consulting company Secure Works Inc. Most health-care organizations collect patient’s names, Social Security numbers and dates of birth. Plus they store payment information such as insurance and credit-card data. This is the holy grail for a thief in terms of financial opportunity.
It’s interesting to note that “a unit of hospital purchasing alliance Premier Inc. has begun offering insurance designed to protect members against the cost of data breaches” which highlights why the government regulation is so important. Unless the fines and implications are severe - this industry, which is accustomed to using insurance to alleviate risks is likely to continue to be a data security black hole.
You really make good articles I would say. This is the first time I visited your site and so far I am impressed with the research you made to make this article awesome. Good Job!