January 28, 2009    

Welsh NHS Trust data loss avoidable

by CREDANT Technologies

According to Credant Technologies a Welsh NHS Trust, which has been rapped over the knuckles for being in breach of the Data Protection Act after losing data on 5,000 patients held on a laptop, could very easily have avoided the problem had it used encryption technology.

“The Information Commissioner’s Office has quite rightly found the Abertawe Bo Morgannwg trust to be in breach of the DPA for losing the data on the South Wales patients in its area,” said Michael Callahan, Credant’s vice president.

“It’s good to see that the ICO has elicited an agreement with the Trust to encrypt all of its patient data in future, and step up IT security generally,” he added.

According to Callahan, had the Trust used encryption on the laptop -in line with security policies in a growing number of companies in the private sector – then the embarrassment and possible litigation from the patients concerned could have been avoided.

Whilst the data held on the laptop was password protected, Callahan says that breaking Windows password protection is now relatively easy on a notebook, especially if the hard drive is removed and installed on a hacker’s test bench.

“Criminals are becoming highly sophisticated in their approach to IT these days. They are becoming aware of the value of the data on the notebook’s hard drive, as well as the inherent value of the hardware, so anyone storing sensitive data on notebooks should use encryption as a matter of routine,” he explained.

Click here to discuss this: Security Forums

Related posts to "Welsh NHS Trust data loss avoidable":

• Pension Holder Data Loss Avoidable
• Origin says MBNA laptop fiasco could easily have been avoided
• Welsh government website serves malware
• Welsh e-Crime seminar next week
• Public Have No Mercy Over Personal Data Loss

Previous: « ISACA Business Model for Information Security
Next: Fraudulent payments gnaw at revenues »

Visited 788 times, 2 so far today