Full Disk Encryption Employed At Sandown Health Centre After Potential Security Breach.

Another hospital in the UK has fallen to a data breach due to the lack of data encryption.  The Isle of Wight NHS (National Health Services) has announced that they’re moving rapidly to encrypt their data, and is recommending it to all medical practices, according to the healthcarerepublic.com.  I, too, would agree that full disk encryption solutions like AlertBoot are necessary in medical settings where large amounts of data are sent around via courier or other physical means.


The data breach was found when a routine check was carried out on the location of a backup computer tape—and, apparently, no one could find it.  The lost tape had information on 38,650 patients.  However, only 11,500 patients have been contacted to alert them of the breach (what’s that all about?)


The letter also mentioned that the contents of the tape were password?protected and can only be read using special software.  The former is not really adequate security, and the reasons for arriving to that conclusion are heavily documented.  The latter—I’m ambivalent on whether it represents a form of security.  On the one hand, it certainly makes it harder for one to access the data, since each software application has its own way of encoding information.  This is why you can’t open your Excel file in Microsoft Word, for example.  But, on the other hand, it’s a matter of finding the right software to get to the data.


Regardless of my position on the issue, the fact that the affected hospital has decided to encrypt all data perhaps indicates that relying on the obscurity of a file format is not the way to go when the safety of patient information is at stake.  Data encryption must have been selected for a reason.


Incidentally, this case is probably representative of recent survey results quoted in The Tech Herald that suggests business owners (and, it seems to me, anyone in the position of leadership) have an “‘air of invincibility’ when it comes to the potential for their company to suffer an intentional or accidental data exposure.”  According to that article, natural disasters weighed more heavily in their minds than data breaches.


I’m not sure if I can disagree with such an assessment—there could be a legitimate reason for thinking that way (flooding may be on your mind more often if you live in downtown New Orleans).  But, I can tell you this much: natural disasters will happen.  Data breaches will happen as well.  However, of the two, there’s nothing one can actively do to prevent the former, whereas there are simple solutions like hard drive encryption to prevent the latter.

Comments (0)

Let us know what you think