
Reacting to reports that a Gosport podiatrist's records laptop containing both personal and medical details has been stolen, Cryptzone says that any database containing medical information needs to be encrypted – period.

According to Grant Taylor, UK Vice President of the European threat mitigation specialist, whilst the podiatrist claims the laptop was protected by a Windows password, this form of security is rudimentary at best, and can be cracked in minutes by a determined hacker.

“And since we’re talking people’s medical details here – with all the associated issues of financial and emotional blackmail, fraud and other nastiness that ensues – a Windows password is about as much use as a chocolate teapot. Encryption is a must-have, as is the question as to whether this information should be on a laptop in the first place,” he said.

“The fact that the ICO is already on the case is an indication of the potential severity of this clear breach of the Data Protection Act. And as the penalty of £140,000 levied earlier this week against Midlothian Council – the highest fine for a data breach seen so far – clearly shows, the ICO is clearly gunning for those organisations that drop the ball on data security,” he added.

The Cryptzone UK Vice President went on to say that with the enhanced penalties that can be levied under the Data Protection Act coming up for their second anniversary this spring, there are signs that the ICO is prepared to clamp down hard on organisations – on both sides of the public and private sector divide – that break the provisions of the Act.

And let’s not beat about the bush, says Taylor – the Data Protection Act has been backed by the full weight of the civil and criminal law ever since it was created in 1998. In addition, whilst the eight data protection principles involved are quite complex, a breach of the Act is an offence that now brings with it penalties of up to a quarter of a million pounds.

On top of this, he explained, a fine is only one part of the penalties that an organisation can suffer. There is also the public embarrassment and the potential loss of confidence that needs to be considered.

It doesn’t help the reputation of the organisation concerned when the first news reports on the loss quote the laptop user as saying she does not know much about encryption - and that she is not good with computers - as the company should have provided effective security training for its staff, especially since they deal with patient data.

“This unfortunate case highlights all that is wrong with IT security education and policy enforcement in the private sector. Better education and mandatory encryption of medical records is clearly called for,” he said.

“As the dust settles on this case and a full ICO investigation ensues, it is to be hoped that the lessons learned will act as a wake up call to anyone handling patient data, regardless of who their employers are. Medical data needs protection, especially in a portable computing environment,” he added.
