The Hospital Authority in Hong Kong announced two data breach incidents. The breaches could have been easily avoided by following proper procedures and using information security software such as drive encryption software from AlertBoot.
Caritas Medical Centre and Kowloon Hospital
Caritas Medical Centre experienced a breach when a computer disk drive went missing from a locked room. The disk was “pending destruction” and contained the information for approximately 3,000 ophthalmology patients–including names, sex, ages, and identity card numbers.
Kowloon Hospital saw a less excusable breach when a USB drive with the information of 300 student nurses was lost. A clerk had stored the information for “daily contact purposes.” The information included names, sex, phone numbers, and e-mail addresses.
Of the two, the Kowloon incident is more glaring. It involved a personal USB drive, devices that have been banned from medical establishments ever since the tiny island started realizing that HK was suspect to medical data breaches just like any other city: The United Christian Hospital lost a USB disk in April 2009. Yan Chai Hopsital lost floppy disks in July 2008, which were about to be encrypted, ironically enough. These two are not the only breaches Hong Kong has had in the past, obviously; there were others that I didn’t cover.
And, while the Caritas situation is understandable, I’m not sure it’s excusable. Granted, the now-missing computer hard drive was in a locked room, but it wouldn’t be the first time something went missing from a locked room at a hospital.
It would have just made sense to use a solution like full data encryption (on both devices, now that I think about it) to ensure the information remains protected as it is destroyed.
Related Articles and Sites: