NHS fails to secure mobile data
NHS mobile devices have inadequate data security.
The National Health System is failing to protect potentially sensitive patient information, according to research.
Almost two thirds of portable data storage devices used in the NHS use no little security.
The survey found half of those storing data on mobile devices are using their own equipment which breaches basic security practices.
One fifth of mobile storage devices have no security and a further two fifths have only password-controlled access – which still makes them still vulnerable against hackers who can bypass a password in seconds using software available on the Internet.
Only a quarter of respondents used passwords with another form of security, including encryption, biometrics, smart card and two-factor authentication.
Two thirds of the 117 who responded to the survey were in the NHS and a quarter were suppliers to the sector.
USB memory sticks (76%) were the most popular mobile device followed by laptop/tablet PC (69%), PDA/Blackberry (51%), smartphone (9%) and mobile phone (2%).
Small devices with large data storage capacity make it very easy for a person to carry unnoticed large amounts of data such as patient records or sensitive corporate data.
The survey demonstrates a large number of people are using their own devices for carrying data such as work contacts, corporate data and even medical records. About half of the medical professionals carried patient records on a mobile device.
Martin Allen, Managing Director of Pointsec Mobile Technologies UK, the company which carried out the survey with the British Journal of Healthcare Computing & Information Management said: ‘It will only be a matter of time before these weaknesses are exploited.’
‘It is very easy to steal or pick up a mobile device and access the information for ill-purposes,’ he said. ‘Mobile devices seem to be falling through the security net and our advice is that any NHS trust or organisation downloading sensitive or patient records should automatically encrypt the information.’
What do you think? Email [email protected]
Further reading: