IT security and control firm Sophos is reminding organizations
of the risks of data loss and identity theft following news that
six laptops, containing personal information about 20,000 NHS
patients, have been stolen from St George's Hospital in Tooting,
London.
Sophos experts note that inadequate security policies left the
data vulnerable, with the sensitive information being stored on the
laptops on a temporary basis due to computer network problems at
the hospital.
"Sensitive patient data should never be stored on non-secure,
unencrypted portable computers," said Carole Theriault, senior
security consultant at Sophos. "This should serve as a reminder of
the damage that is done by poor attention to IT security policies.
Organizations that must store confidential personal details should
invest in systems that make sure that this kind of information
cannot be transferred to devices that may be compromised, putting
not only the organization, but also the individuals concerned at
risk."
St George's Healthcare NHS Trust has said that information such
as postcodes was password protected, but patient name and hospital
number were shown on the records.
"Although on this occasion it appears that the damage may be
limited, this will be of little consolation to the patients whose
records have been stolen," adds Theriault. "It is vital that
policies are implemented and enforced to ensure that no kind of
confidential information is made vulnerable to theft. Sensitive
data should be encrypted, or better yet, simply not stored on
portable devices like laptops and BlackBerrys."
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.