Monday, May 25, 2009

More Data Losses

The RAF an the NHS are at it now. Please, if you don't already, support the excellent No2ID.

The personal medical records of tens of thousands of people have been lost by the NHS, the Department of Health has confirmed.

A total of 140 security breaches were reported within the NHS between January and April this year.

These included computers containing medical records stolen and left by skips and stolen and passwords taped on encrypted discs with sensitive information, The Independent newspaper said.

Over the last six months, the Information Commissioner has been forced to take action against 14 NHS bodies for breaching data regulations.

In an interview with the newspaper, Commissioner Richard Thomas, said the watchdog had ordered an urgent review of data security in the health service.

Mr Thomas has written to the Department of Health calling for immediate improvements to the lax treatment of personal data within the NHS.

The Independent reported that Mr Thomas plans to send in a "crack team" of inspectors to examine how data is protected by hospitals and medical workers across Britain.

One GP downloaded a complete patient database, including the medical histories of 10,000 people, on to an unsecured laptop, the newspaper reported. The laptop was then said to have been stolen from his home and never retrieved.

In another alleged breach, a memory stick containing the medical histories of 6,360 prison patients and ex-inmates of Preston prison was lost. Though the data was encrypted, the password was written on a note that was attached to the device.

Mick Gorrill, assistant information commissioner, warned of a "complete disconnect" between procedures laid down by managers and practice "on the ground".

Senior RAF staff could be at risk of blackmail after files detailing alleged drug abuse, extra-marital affairs and use of prostitutes were stolen, it has been reported.

Computer disc drives taken from RAF Innsworth in Gloucestershire contained details gathered while vetting staff for security clearance, the Guardian has claimed.

At the time of the theft in September last year, the Ministry of Defence said that personal data such as bank details and addresses could have been lost.

But an internal memo obtained under the Freedom of Information Act and published in the Guardian appears to confirm that "vetting" information also disappeared.

The memo states: "This information included details of criminal convictions, investigations, precise details of debt, medical conditions, drug abuse, use of prostitutes, extra-marital affairs including the names of third parties."

It adds that the data is not "routine vetting information" but cases referred to the RAF because of their "serious vulnerabilities."

"This data provides an excellent target list for foreign intelligence services, investigative journalists and blackmailers. Moreover, if the information relating to the private lives of RAF personnel, especially of some very senior officers, enters the public domain, the reputation of the service will be tarnished."

Details of the memo form part of BBC2 programme Who's Watching You which will be broadcast on Monday night.

A spokesman for the Ministry of Defence could not confirm the nature of the lost data but said: "All individuals identified as being at risk received personal one-on-one interviews to alert them to the loss of data, to discuss potential threats and to provide them with advice on mitigating action.

"There is no evidence to suggest that the information held on the hard drive believed to have been stolen from the secure SPVA site at MoD Innsworth has been targeted by criminal or hostile elements."

No comments: