The loss of a laptop computer by a hospital is rocking the
The story was broken when patients received letters from the hospital trust regarding the data breach. The letter also mentioned that there was password?protection on the laptop, but no disk encryption, according to the BBC. The manager in question has been suspended while investigations are underway.
Who’s to blame? Well, there are plenty of people. To begin with, there’s the manager. Number one, he was carrying around the data in a laptop without hard drive encryption, against hospital policies, sounds like. And, he left it in a visible place inside his car (He’s lost a laptop and has to replace his car window). But then, he was also on holiday.
You know, when a company forces an employee to work during his time off—well, things are bound to happen. I often argue that one shouldn’t rely on the form factor of a device for data security; that is, a desktop computer is no safer than a laptop computer when it comes to data protection, for example. You want to have some kind of encryption on those devices to protect the data, just in case—theft, random loss, rogue employees, break-ins, etc. At the same time, encryption or not, I wouldn’t advocate walking around with sensitive data unless you truly have to. Especially, during one’s holidays.
Also, I wonder what the hospital managers—the suspended manager not included—are thinking. I get the feeling that they haven’t thought through their data security needs. To begin with, one aspect of their security management seems to be all talk and no action: “patient data should not be stored unencrypted on a laptop and he had previously written to staff with such computers reminding them of this.” Remind all you want, but the reason why people need reminders is because they’re actively not doing something; that’s why they need to be reminded. If the hospital was serious about security, they probably would have deployed something hospital?wide.
Then, there is this gem: “The computer was password-protected and only authorised staff could access the data.” As anyone in the
Encryption. It’s pretty much the only game in town if you want to safeguard the data found on computers. Not just computers, in fact. Encryption solutions provider AlertBoot, for example, offer security for external drives, USB flash drives, CDs and DVDs, etc—anywhere digital media security is needed.
Other Related Articles: