If you trust the NHS with your health, then surely you should be able to trust it with your private data? Apparently not, it would seem, as the Surrey and Sussex Healthcare NHS Trust lost 800 patient records and failed to tell the patients concerned.
NHS and Data Breaches
It appears that the NHS lost the confidential data on an unencrypted memory stick back in September 2010. The NHS has had a long string of data breaches, but what stands out in this particular case is that the 800 patients whose details were compromised were never informed.
The ICO has produced guidance for health organisations in an attempt to reduce the number of data breaches incurred by the NHS. Previously, the ICO published a list of the 1,000 most serious data breaches since 2007, nearly a third of which the NHS was responsible for.
The most serious of these involved a USB, Hard Disk Drive or other removable data storage device. Such devices are known as ‘information assets’ to the company, and they carry great risk because they are portable and can pass through a number of hands.
Information Security: Everything you need to know
To understand more about securing and protecting information assets and implementing ISO 27001 (Information Security Management System), we recommend IT Governance: A Manager’s Guide to Data Security and ISO 27001 / ISO 27002, Fourth Edition. This book contains everything you need to know about information security and data protection, covering viruses, hackers, online fraud, privacy regulations, computer misuse and investigatory powers.