Actu
Egress Software Technologies enables the first NHS Trust to meet Department of Health requirement to have all mobile devices encrypted
June 2008 by Emmanuelle Lamandé
City and Hackney Teaching Primary Care Trust has selected Egress Software Technologies to implement a solution that made Hackney PCT the first NHS trust to meet the Department of Health requirement to have all mobile devices encrypted.
The Cabinet Office and Department of Health issued a directive in January 2008 to NHS trusts in the UK mandating that all mobile IT devices containing patient identifiable data must be encrypted by 31st March 2008 – this included all laptops and removable media devices including memory sticks and mobile telephones. Hackney PCT evaluated six companies and selected Egress Software Technologies to implement Check Point’s End Point Full Disk Encryption and End Point Media Encryption and Port Protection for all of the trust’s PCs.
City and Hackney Teaching PCT’s Head of ICT, Tim Wilson, wanted to encrypt the hard disks on all of the 1,400 desktop and laptop computers. The trust has a large number of laptop and tablet PCs for employees that are mobile but need to stay connected and staff also use memory sticks on a daily basis to transfer data. Securing desktop PCs was not part of the DoH directive but Hackney PCT was aware of the potential for desktop theft – and the fact that inevitably users save data to the PCs’ hard drives rather than the server. The data being stored on memory sticks was often sensitive but staff needed to use the devices to help them work effectively, so a decision was made to replace all existing memory sticks with Hackney-issued devices with encryption enabled to safeguard the data in case of loss or theft.
City and Hackney PCT needed to control the mobile devices that could connect to the trust IT systems, allowing for only authorised devices to connect but also to audit the data transferred between the fixed and mobile devices. The trust wanted a solution that could be implemented quickly and seamlessly to the user community (many of whom who have little or no IT knowledge) without disrupting services.
Egress Software Technologies was selected and given three weeks to design and implement the products and train staff before the 31st March deadline. The software was deployed silently to all machines within the environment over a 7-day period without any disruption to services (two days ahead of schedule). All existing memory sticks were exchanged for new Hackney PCT supplied AES 256-bit encrypted devices and only these devices can be used on any of the systems. The software also provides an audit trail to be able to tell exactly what is on each device and provide a risk analysis if a mobile device is lost or stolen.
