- Image via Wikipedia
Yet another NHS Trust has been found in breach of the Data Protection Act (DPA) after it lost sensitive patient records stored on an unencrypted CD.
Information Commissioner’s Office (ICO), the data security watchdog explained that the Royal Wolverhampton Hospitals NHS Trust lost a CD containing over 100 records from the Intensive Care Unit of New Cross Hospital’s Heart and Lung Unit.
The lost CD which was unencrypted with no password protection was later found at a bus stop near the hospital. “The fact that this information was several years old is of no consequence – patients’ personal data should always be handled in accordance with the Data Protection Act,” said Mick Gorrill, head of enforcement at the ICO. “I am pleased that the Trust has agreed to take remedial steps to ensure such an incident does not happen again,” he added.
The trust and ICO have been unable to determine how or why the CD was made. The Trust has agreed to sign a formal undertaking with the ICO to ensure similar incidents do not occur in the future. This will involve better staff training in data protection and ensuring patient charts released to consultants are signed for and chased up for return every week.
Though the matter has been put to rest now, security vendors have a different take on the incident altogether. Mark Fullbrook, UK and Ireland director at Cyber-Ark, argued that it is lucky to have escaped without a fine.
“What’s particularly disappointing in this case is that, with so many better-enabled devices and means of storing information, should this highly sensitive information have really been held and transported by CD?” he added. “The Trust couldn’t even explain how and why an unprotected CD with patient records was produced in the first place.”
Want to prevent breach?
Have you been affected by data breach? Do you think that your organization is susceptible to a potential security breach? For further information visit our website where you will learn about our encryption software and other security protection methods.
A trusted way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users. To find out more, see Tech Specs.
