Author: Max Metzger / Source: SC Magazine UK
(NB – Written prior to the WannaCry attack, hence emphasis on data)
An individual’s credit card information may be worth a few pounds on the black market, but healthcare data can fetch between 50 to 100 times that. And while credit cards can be cancelled, healthcare information – which contains sensitive information such as addresses, medical history, emergency contact, and more – cannot.
Criminals could potentially use this data to sign up for new credit cards or commit insurance fraud.
In March 2017, it emerged that access could be gained to the private records of 26 million NHS patients.[1] This shows the vulnerability of patient data at a network level.
At a device level the threat is also apparent. For example, in 2010, Brighton and Sussex University Hospitals NHS Trust was fined £325,000[2] by the Information Commissioner’s Office (ICO). This was because more than 200 de-commissioned drives belonging to the Trust that should have been wiped and destroyed in fact ended up on eBay.
Patient data is at risk when staff do not follow protocol and many NHS data breaches could have been prevented.
The UK Government has made moves to ensure higher security[3] for NHS departments and suppliers in the form of NHS Digital’s Information Governance (IG) guidelines.[4]
George Freeman MP writes; “As the health and social care system becomes increasingly paperless and digital it also becomes ever more important that there are adequate and robust protections in place to protect the data and information held within it.”
While we welcome this increased emphasis on data protection, we also believe that the UK Government should go one step further. Patient data would be even more secure with increased stakeholder collaboration.
…
Click here to read more
