Lost thumb drive leads to potential data breach
A thumb drive containing personal data of current and past graduate medical education residents and fellows at Cooper University Hospital has recently gone missing. Lost around July 8th, the incident has been reported to the proper authorites a few days later who are now looking into the potential security breach only two weeks later.
According to hospital sources, the lost data includes Social Security numbers, addresses, and phone numbers. As it always happens in such cases, the data was not in anyway encrypted or protected.
The University later released the following statement:
UK: Information Commissioner’s Office reports that the NHS has disclosed 305 security losses, as the amount of breaches tops 1,000
Over more than 1000 data losses for the NHS. This is a new record.
Of which alone 307 were as a result of stolen data or hardware and 233 due to lost data or hardware.
The Information Commissioner’s Office has warned organisations that they need to minimise the risk of mistakes, as the amount of losses reported tops 1,000.
The ICO claimed that staff need simple procedures on how to handle personal information with appropriate training to ensure the importance of securing it is fully understood. It also said that it is essential that the protection of people’s personal information is part of organisations’ culture and DNA.
An ICO report revealed that 254 breaches were as a result of information being disclosed in error, 307 were as a result of stolen data or hardware and 233 due to lost data or hardware.
A further 83 were due to a technical or procedural failure and 59 were lost in transit. A breakdown of companies revealed 305 incidents were recorded by the NHS, 288 in the private sector and 132 by local government. Only 81 incidents were the result of central government.
David Smith, deputy commissioner at the ICO, said: “We all know that mistakes can happen but, the fact is that human error is behind a high proportion of security breaches that have been reported to us. Extra vigilance is required so that people’s personal information does not end up in the wrong hands.
“Organisations should have clear security and disclosure procedures that staff can understand, properly implement these and ensure that they are being followed by staff. Staff must be adequately trained not just in the value of personal information, but in how to protect it.
“We are keen to work with organisations to prevent breaches happening in the first place and to help ensure that things are put right when they do go wrong.”
Source and full article: SC Magazine
Endpoint Security: Playing it smart
There have been so many news lately about stolen hardware with important data, server hacks, security threats embedded in any new gadget that gets launched (like the iPad), that it could make anyone think all security companies and experts care about is pointing warning fingers towards anything cool someone would think of using. With all these stories, some of which we’ve shared on our Twitter stream, security becomes this two-headed monster that’s there to kill the fun in technology.
But that’s far from being true! Effective security is about playing it smart: seeing what could happen and preventing it, while allowing people to still have their share of fun. We tend to forget that, but that is the purpose to security in general and endpoint and data security in particular. iPods, iPads, colorful USB sticks, netbooks, smartphones, cameras, you should use it all as long as they help you work better and make your life easier. You should use them at home, in the office, while commuting, the idea is to know what threats they pose and how to prevent them.
Security experts to concentrate on everything bad that’s happening. The reason is simple, if companies and individuals don’t fear the consequences, they tend to ignore the risks. The all present mantra “It can’t happen to me” is their shield against all attacks and breaches. So there is a reason and a purpose behind showing off all the bad stuff, but that should never cast a shadow over the real goal of security: making your life safer and better.
How to control device use the easiest way possible?
Take it to the could. See how it works explaind in plain english.
Device Control and DLP taken to the cloud to help you reduce cost and deploy much faster.
Months later, consequensces knocking on breached door
One might think that if several months have passed since an embarrsing data breach and nothing has happened, it’s all cool. One can relax, mind their own business and forget all about security.
That’s not the case if we’re talking UK health authority. Namely, London-based Camden Primary Care Trust. They thought, sometime last August, that dumping PCs containing 2,500 patients’ names, addresses and medical histories beside a skip inside the grounds of St Pancras Hospital was a good idea. They might reconsider now, as the Information Commissioner’s Office has given Camden Primary Care Trust until the end of the month to improve security, consequence of its breaching the Data Protection Act.
According to the Register, “data on the obsolete computers was left unencrypted. The machines were subsequently swiped without authorisation and never recovered”. Given such gross negligence and obvious proof of being completely irresponsible, I cannot help being extremely happy they are forced to do something about their security!
