Security Bullet In
Communiques from the security front, sir
Wednesday 23 January 2008, 3:51 PM
More patient data lost
After media reports of the lost Stockton data stick, a student in Greater Manchester realised that she had picked up a USB drive last August that could have relevant data on it. Lo and behold, when she accessed the data, it turned out that over 340 patients' details were accessible and unencrypted.
From the article:
"A computer memory stick holding confidential medical information and personal details of hundreds of people was found in a car park.
The names, addresses, dates of birth, home and mobile phone numbers and conditions of more than 340 patients were on the device - but no one had noticed it was missing even though it had been lost for several months.
Health bosses have launched an investigation after it was passed to the [Manchester Evening News].
Most of the patients listed have diabetes and were part of a trial in preparation for a scheme providing eye tests for more than 10,000 people across Greater Manchester. The data stick contains encryption software but this had not been activated, meaning anyone could access the information.
It is understood that the information on the memory stick relates to patients of Specsavers at 17 The Birtles in Wythenshawe, although they came from areas including Salford, Marple, Stretford, Northenden, Stockport, Timperley and Sale.
Health bosses will urgently write to all the patients involved to apologise and arrange to address any concerns."
The news broke on the same day that the Ministry of Justice revealed it had lost four discs containing data, in the post, while news broke over the weekend that the Ministry of Defence lost details on upwards of 600,000 potential or actual recruits this month.
IT consultants criticised events leading to the slew of data loss incidents that have recently come to light.
Paul Vlissidis, technical director of NCC Group’s ethical security testing division, said:
“Organisations need to wake up to the fact that their data is precious and enforce its protection properly. This means no more storing hundreds of thousands of sensitive records on unencrypted hard discs, [and] bans on taking information off-site. I doubt Fort Knox would let staff take gold home with them for the weekend."
PreviousComments on this post
The fact that the disc went missing and for several months no one noticed suggests that this was an employee's own USB stick, onto which they made a copy of this data.
It seems as though the people who work in these departments are allowed too much access to sensitive data.
In the private sector this sort of carelesnes gets you sued!
This site is beginning to suffer from info overload problems! The writers' themselves are literally jumping from subject to subject and commenting on just about anything. There seems to be no focus or specialization and no one particular article or subject lasts long enough to be properly fleshed out - at least to the point where the 'lead contributor' (moderator) says – “Ok, enough”.
Like so many other sites, this one is limiting the effectiveness of the service by offering too many topics and too much information. Lately, I've felt like I'm visiting an information flea market - wandering aimlessly about the stalls until something reaches out and grabs my attention and compels me to participate. The overload makes it hard to determine what exactly is important here. Take, Identity Theft. It’s either an ongoing, evolving subject or one that is relevant only when an event occurs. Someone needs to decide which topics/ subjects are permanent and which are transient or it just won’t sustain my interest. If you like, I am more than happy to provide a working framework for discussion.
TFD
Thanks for your comments, TFD--it's a topic we've put some thought to. Communities need a shared area of interest at their centre to engage members, and if posts deviate too far from this area, then people will be put off. For this reason, some argue that all content posted in a community space be filtered by a moderator, to keep it on message. Others say that there should be no constraints on what's posted at all, even on spam.
What ZDNet.co.uk aims for is to be as open as possible while keeping things interesting. We believe that off-topic content will fail to thrive, because people will just not comment on it or read it. It's really up to members to set the tone of the discussion, by participating and clicking. Of course, we play our part too, by highlighting those posts that are popular or that have an insight into some aspect of business technology. (These are the blogs that appear on the Community or Blogs home page.) We also encourage people to make sure their entries are valuable for other readers.
If anybody has any feedback on this, please get in touch. Just post a comment here, or send me an internal message or an email to Community.Manager@zdnet.co.uk. It's your chance to help shape the community.
