Cyber-Ark says NHS Grampian laptop theft highlights need for private data to be securely data vaulted
April 2009 by Cyber-Ark
Cyber-Ark, the digital data vaulting specialist, says the recent theft of a laptop from Aberdeen Royal Infirmary, which contained the details of more than 1,300 patients, could have been avoided.
"This incident, involving a laptop stolen from a locked office, smacks of poor security policies at the NHS authority," said Mark Fulbrook, Cyber-Ark’s UK and Ireland director.
"Granted, the laptop was protected using a standard Windows password, but this level of security can easily be circumvented by an IT professional. You have to question why the data was stored on an unencrypted basis on the computer in the first place," he added.
According to Fulbrook, patient data of this type should never have been stored on a portable computing device, but stored instead on a computer server in encrypted format, accessible to laptop users on a remote - and encrypted - VPN basis.
This approach, with the master passwords accessible only to a few senior officers through data vaulting, would mean that access to the patient data was available on a fully audit-logged and authenticated basis.
The fact that the data concerned patients with an inflammatory bowel problem, he went on to say, is all the more embarrassing for the patients concerned, who will now be worried about their friends and colleagues discovering their unfortunate problem.
Having medical problems revealed, he explained, is potentially much more embarrassing than almost any other issue being made public, and the fact that these types of diseases are often made worse by stress is really bad news for the patients concerned.
"Not only will the patients affected by this laptop theft be worried about their data being made public, but the worry of the situation could actually make their problems worse," he said.
"The fact that the problem was totally avoidable makes this data loss situation a lose-lose event for all concerned," he added.