NHS Data Breach of 8.6 Million Records Speaks to the Need for Smarter Technology

Posted by: on Jun 16, 2011 | No Comments

The NHS has been struck by a massive security breach exposing 8.6 million UK citizens medical records. The records were stored on unencrypted computer equipment kept in storage at a hospital in London.

Why did this happen? I think anyone working at an IT security vendor that has a presence in the UK is familiar with the NHS, as it is one of the world’s largest organizations. What puzzles many is that the NHS probably had access to full disk encryption products that could have been installed on the machines. Probably 90% of industry people even know the name of the vendor.

…there is a brighter security future ahead…

If these amount of records where printed out on paper counting one record per sheet, which would be low, it would add up to 86 freight pallets of paper. That is 30 tons of records that would need two big trucks to drive away. These records were stored on a single device and disappeared without a trace. They could be anywhere.

This is not about the NHS. There is no one at the NHS that maliciously intended for this to happen. This a failure of technology and putting processes into place. We need to realize that it of course is an absolute necessity to digitize records - nothing can beat the efficiencies that are achieved. But once records are made digital there needs to be protection available that is instant, always on and that does not hold users back. Apparently something prevented the NHS in this case to take the steps necessary to protect the stored information. It may mean that the threshold to step into a secure solution was too steep even if the technology was there readily available to be implemented.

Even if these are painful times, the positive note is that there is technology coming that will make it easier to protect information (even on laptops) in the future. Already available technology, but that only protects a few are SED and specifically hardware encrypted SSD’s. The efficiencies of this security technology would have prevented the NHS breach as it would have been a flip of a switch, even mandatory to have the machines encrypted. So there is a brighter security future ahead and looking at the technology turnover rate it is not that far ahead.

At BlockMaster we are proud to be a supplier to the NHS with both SafeStick secure USB flash drives and SafeConsole central management.  We are working diligently to be part of solving the issues of lost portable devices. It is important to highlight when news like these hit that the IT security staff at NHS are highly professional and diligent. The NHS security staff are managing one of the world’s most complex organizations, most security professionals can appreciate the challenges they are facing when it comes to budgets, reorganizations and fast pace technology.

Learn about how SafeConsole can secure your organization >>

Leave a Reply