The Telegraph is reporting that two breaches involving NHS data have occurred in the
The first case involves the loss of a laptop from a car. Amazed that this is still happening. Not thefts from a car; that’s going to happen until the second coming of Jeebus, although by that time it will be more like breaking into a rocket or something. Nope, amazed that people are still taking unencrypted laptops and leaving them in their cars. Not good news for the 11,000 patients whose information got stolen. Apparently, the compromised data involves names, addresses, NHS numbers, and personal medical histories.
In the second case, six laptops were stolen from locked file cabinets at St. Georges hospital. The laptops were a temporary measure, according to an internal e-mail that was sent to
Those following this blog will recall that I’ve often preferred people using laptop computers, and locking them up at the end of the day, over desktop computers that are left in plain sight. I’d like emphasize that I’ve also noted that the lock up has to be done in some seriously secure containers…like a safe. Or a safe?like file cabinet. You know, those designed not to be broken into? A simple file cabinet will not do (which makes me wonder about the security of plain, but sensitive, paper documents). On the other hand, the fact that hospital staff were locking them up does show that they were being security conscious.
If they really knew their stuff, though, they would have encrypted the laptops—which is required: “Department of Health rules say…. Mobile storage devices including laptops must be fully encrypted.” Those are the rules. And, they’re stricter than what HIPAA requires. As far as I know, under HIPAA laptop encryption is an option, not a requirement.
Of course, hard drive encryption wouldn’t have prevented the thefts. The point is to protect the data if (some would argue “when”) the computers get stolen. Nothing gets the job done like disk encryption when it comes to hard drives, be they in computers or external.