Log in

Posts Tagged ‘London’

London Health Programmes under fire for failing to report laptop loss

June 19th, 2011

Laptop Loss is a Major Business Risk

In the last few posts we talked about data theft/illegal data accessing. This post talks about the physical theft i.e. stealing of laptops ! Laptop theft is a significant threat to computer users. Many tools such as laptop locks, alarms and visual deterrents such as stickers or labels have been developed to prevent laptop theft. Victims of such a theft lose hardware, software and important data if they fail to back it up.

London Health Programmes, a medical research organisation based at the NHS North Central London health authority, has lost 20 laptops. This could be the biggest ever health care data breach suffered by the NHS.

Only 3 laptops have been recovered so far. One of the missing computers contained details of 8.63 million people and the NHS medical records of 18 million hospital visits, operations and procedures. The information included the postcode, age, ethnic origin of the respective patients, but not their names. This machine was, unfortunately, not encrypted. It was taken from a storeroom of NHS.

Any allegation that sensitive personal information has been compromised is concerning, and we will now make enquiries to establish the full facts of this alleged data breach,” the ICO said in a statement on Wednesday.

According to a spokeswoman for the ICO told ZDNet UK ”If the data has been breached, the implications could be serious, according to the ICO. “[The NHS] holds millions of [bits of] data on millions of people. They’re probably the body that hold the most sensitive data in the UK, they have millions and millions of records being accessed every day,”

NHS has suffered multiple breaches in the past few years. The Information Commissioner’s Office issued a public warning to the NHS in the year 2009 to beef up security.

What could be more disturbing is the fact that the laptops could have been encrypted all along. David Tomlinson, managing director of Taunton-based Data Encryption Systems, said the NHS has a licence to run McAfee software on all its computers, including the SafeBoot disk encryption product.

“If someone wasn’t encrypting their laptops, questions should be asked,” he said, “because they’ve paid for [the encryption].”

The Information Commissioner’s Office (ICO) and the police are investigating the theft.

Better late than never, the Department of Health issued a statement saying all NHS organisations should ensure laptops are encrypted.

Alertsec at your service

Alertsec Xpress is powered by Check Point Full Disk Encryption – the global leader in data encryption software with millions of users worldwide! This news stresses the need for data protection applications. The loss in the above incident could have simply been reduced to an insurance matter by a mere investment of $13/month. The amount is meager compared to what the company has lost. The need of Data encryption software and recovery software cannot be underestimated . Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial

No comments »

Posted in Computer security, laptop theft

Tags: alertsec AlertSec Xpress computer encryption software Health care laptop London Medical research National Health Service Notebooks and Laptops Sun Theft

Officials Defend their Response to Security Breach

December 11th, 2010

: Security Breach in London

Recently an incident of massive security breach happened in London area school board. Two senior education officials said that many lessons can be learned from this breach that exposed 27,000 student passwords on the Internet.

How Did Security Breach Take Place

One of the senior officials Bill Tucker, who is education director at the Thames Valley District School Board, his website was hacked in the October attack. As a free press investigation published on Saturday revealed that it took the school board more than 12 hours to call police about the breach, the board’s top official defended its response.

Tucker said on Sunday that,”I’m absolutely comfortable with the way senior administration responded to the breach, we found out late in the afternoon (Oct. 20), the student portal (on the board’s website) was shut down, police found out the next morning and at no time was student safety at risk”.
“Any e-mails going around were copied to me and I insisted on face-to-face meetings (with administrators handling the breach) because the situation was so serious”. He said, “It’s been a learning experience for the board, as a school board, we’ve learned many lessons”. For instance, when we are looking at the encryption of new codes, we need to get on top of it a lot faster, in terms of adapting to new technology.

Obtained emails show that while administrators knew before 9:30 p.m. on 20th Oct. that the board’s website had been hacked and that passwords for more than 27,000 high school students had been posted on facebook hours earlier, the board was not alerted the police until 9:30 a.m. the next day.

Security Risks of Breach

There were immediate security risks because many high school students use their passwords for other purposes, like banking and other online accounts. But that’s not how some Thames trustees sees it.

Officials Defending Response:

New board chairperson Tracy Grant wrote in an e-mail response through facebook that “our administration did react swiftly to the breach, immediately shutting down the portal and ensuring the security of the system, most people are aware that they should personally guard their passwords and not use the same password for different applications – I think our students are particularly aware of the importance of changing and protecting their passwords”.

Grant did not respond to a request for clarification or provide a contact phone number but pointed out London police began a so called Code 3 response to the situation, “indicating it was not of highest priority”.

Arlene Morell, a parent who heads the board’s parent involvement committee, said that the primary concern should always be the safety and protection of all students. “And I believe it was, freezing, shutting down and whatever they can do internally to ensure the protection of students was safeguarded,” she said.

Data breach is the unintentional release of secure information to an untrusted environment so the protection of data (information security) is very important.

How Alertsec Xpress Would Have Helped:

In an incident which highlights the need of a data security and recovery software, the threat could have simply be reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

School board to upgrade security after 27,000 student passwords hacked (theglobeandmail.com)
Teen charged after 27,000 student passwords posted (thestar.com)

No comments »

Posted in data breach

Tags: data data breach data security Information Loss London Password security Student

Royal Wolverhampton Hospitals NHS Trust looses patient records

August 26th, 2010

: Image via Wikipedia

Yet another NHS Trust has been found in breach of the Data Protection Act (DPA) after it lost sensitive patient records stored on an unencrypted CD.

Information Commissioner’s Office (ICO), the data security watchdog explained that the Royal Wolverhampton Hospitals NHS Trust lost a CD containing over 100 records from the Intensive Care Unit of New Cross Hospital’s Heart and Lung Unit.

The lost CD which was unencrypted with no password protection was later found at a bus stop near the hospital. “The fact that this information was several years old is of no consequence – patients’ personal data should always be handled in accordance with the Data Protection Act,” said Mick Gorrill, head of enforcement at the ICO. “I am pleased that the Trust has agreed to take remedial steps to ensure such an incident does not happen again,” he added.

The trust and ICO have been unable to determine how or why the CD was made. The Trust has agreed to sign a formal undertaking with the ICO to ensure similar incidents do not occur in the future. This will involve better staff training in data protection and ensuring patient charts released to consultants are signed for and chased up for return every week.

Though the matter has been put to rest now, security vendors have a different take on the incident altogether. Mark Fullbrook, UK and Ireland director at Cyber-Ark, argued that it is lucky to have escaped without a fine.

“What’s particularly disappointing in this case is that, with so many better-enabled devices and means of storing information, should this highly sensitive information have really been held and transported by CD?” he added. “The Trust couldn’t even explain how and why an unprotected CD with patient records was produced in the first place.”

Want to prevent breach?

Have you been affected by data breach? Do you think that your organization is susceptible to a potential security breach? For further information visit our website where you will learn about our encryption software and other security protection methods.

A trusted way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users. To find out more, see Tech Specs.