A laptop containing the personal details of thousands of children has been stolen from a hospital in Nottinghamshire.
Wendy Saviour, the chief executive of Nottinghamshire Primary Care Trust, said on Monday that three laptops had been stolen from offices at the Kings Mill Hospital near Mansfield last Wednesday. One of the three machines contained the names, addresses and dates of birth of children from the Newark & Sherwood, Ashfield and Mansfield areas.
According to Saviour, the laptop's only security is a single password, which she said "reduces the chances of anyone being able to see the information". In total, 9,742 families are believed to be affected, although Saviour pointed out that no medical information was stored on the laptop. The children involved are aged between eight months and eight years.
Gary Clark, EMEA vice president for SafeNet, said that the fact the laptop had only a password for protection was of extreme concern.
"Every organisation that handles sensitive information about the public has a responsibility to protect that information, and the use of passwords alone is woefully inadequate," he said. "Encrypting the data and using smart tokens or USB tokens to unlock the laptop will reduce the risk of unauthorised access." Clark claimed that just 44 percent of laptop data are protected.
Lynton Stewart-Ashley, country manager for GuardianEdge Technologies, claimed that the loss would have serious aftershocks for the trust. "When you add up the cost of legal fees, lack of trust in the community, and potential payouts to affected parties, you really begin to understand the full impact of data loss," Stewart-Ashley said. "Any damage can easily be circumvented with full disk encryption on all laptops under the Trust's charge. This is not rocket science."
PGP's Jamie Cowper also weighed in, stating that organisations "have to understand that storing confidential information on portable devices such as laptops brings serious responsibilities. By their very nature, laptops are a lot easier to steal than desktop computers, so it's absolutely vital that the data contained on them is protected to the hilt." He added: "Passwords aren't enough — to achieve absolute information security, organisations have to deploy comprehensive encryption policies across all devices."
The Trust is now "working closely with the police to investigate this theft and to recover the stolen computers", it said on Monday.
Talkback
It's laughable that companies still think a basic password are sufficient to proect their digital property or the patients' PHI (Personal Health Information). This is just all the more reason for healthcare companies to move into higher security. I read an article about something related to this http://ezinearticles.com/?Healthcare-IT---Your-Practices-Digital-Wellness&id=496665.
It discusses the importance to have a digital records and have them secured for the success of healthcare companies.
If it was NECESSARY to have a laptop why was it not secured to a fixed point?
Was it necessary for them to have been easliy stealable laptops rather than basic desktop workstations working to a server containing the information?
Why were laptops (or any other computers) left in unattended and insecure office areas?
Are the persons in whose charge they were going to re-imburse the taxpayers the cost of the equipment they allowed to be stolen? They can claim on their own insurances.
Seems to me that there is a lot of indolence and irresponsibility in that organisation. Perhaps the management should get out of its offices and get around.
Why do these laptops not have encryption on them? We certainly do on all our Laptop and all our desktops for this exact reason. Basic security. The password is probably set to their DOB or their surname, so it can be guess easily.