Confidential data lost on unprotected USB Stick
The security risks associated with storing personal data on a USB stick were highlighted last week following the apparent theft of an unprotected stick at the Nottingham University Hospitals Trust.
According to a report on the E-Health Insider newswire, USB sticks are widely used by junior doctors in the hospitals trust as a means of storing confidential patient data.
Normally, says the newswire, the data is protected using encryption, but it quotes a foundation year one doctor as saying this is not always the case.
This security lapse was highlighted, says the newswire, when a USB stick containing "highly confidential patient data" was stolen from a junior doctor.
Calum Macleod, European director at security specialist Cyber-Ark, says the practice of storing patient data on an encrypted USB stick is fine in theory, but a nightmare to administer. "Enforcing a policy of encrypting patient data stored on USB sticks is almost impossible, so it's hardly surprising that there should be a security scare," he says.
"The Hospitals Trust would do well to consider storing the data centrally on a highly secure, encrypted and protected digital vault, and have the medical staff access that information securely across a network," he adds.
According to Macleod, what the solution loses in terms of convenience is more than made up for in terms of patient privacy and elimination of the possibility for legal action.
Reproduced from an article published by Manufacturing Computing Solutions
© Manufacturing Computing Solutions
The original article can be viewed here:
http://www.mcsolutions.co.uk/article/10484/Confidential-data-lost-on-unprot...
Permalink Bookmark Digg this story
