The East Sussex NHS Trust has issued letters of apologies to 3,000 patients after a member of the public found a memory stick containing personal information.
The stick was not password protected.
It’s sheer luck that the USB stick landed in the hands of an honest citizen. The data on the device could have easily provided a means for criminals to commit identity theft.
One affected patient, Simon Keen, said, “They could have credit cards made; things could be purchased online – organised criminals pay a lot for this information.
“Yet the NHS is putting it on a computer stick and a member of the public is finding it in the street.
“I find that really disturbing.”
Not compliant with trust policy
Darren Grayson, chief executive of the Trust, said that the stick belonged to a member of staff and was not compliant with Trust policy.
Incidents such as this further demonstrate the importance of having an information security management system that relies on people, processes and technology.
Whatever the policies or processes in place were, they clearly weren’t enough. Perhaps this wouldn’t have happened with better technology and well-trained staff, and 3,000 people wouldn’t be receiving bad news in the post this week.
To learn more about an information security management systems, download the below green paper.