mobile security

Hospital staff in Nottingham have issued a warning after a laptop was stolen which contained confidential patient data. The data includes names, addresses and dates of birth of some 11,000 children from the Newark, Mansfield and Ashfield areas. The hospital has contacted all affected familes and has setup a helpline. It also said it is very sorry for what has happened.

Now, I have reported on laptop thefts before, and will continue to do so in the future and this story has similar hallmarks to the Nationwide laptop theft which occurred last November.

Point no.1 The NHS is the biggest employer in Europe - yet their security policy obviously does not contain any statements about mandatory disk encryption. But apparently thats OK because according to Wendy Saviour, the PCT’s Chief Executive, the laptop was password protected (yeah OK). What I want to know, is how does the biggest employer in Europe have such crap security?

Point no.2 Apparently the NHS is very sorry about this. In this day and age, these kind of events should not be happening. This is a fundamental failing in the system. Laptops always have been and always will be hot potatoes. Easy to steal and easy to sell on. Many moons ago when I was a student, I used to work in PC World in the UK and every weekend we would have several people come into the store to ask ‘do you sell power supplies for IBM model X or Compaq model Y. Initially (until the penny dropped) I was amazed by how many people would loose their power supplies!

Come on NHS. You are legally obliged to provide patient confidentiality. There is no excuse for such lax security.

Powered by Gregarious (41)