Weak network security led to NHS data breach
By Chris Taylor
28/04/2011
The Information Commissioner's Office (ICO) has blasted an NHS Trust for its inadequate file security, the British Association of Public Safety Communications Officials reports.
Last September, NHS Birmingham East and North discovered that supposedly secure personal information was in fact potentially available to many unauthorised employees and two other NHS trusts.
The files, which were on a shared network, contained thousands of records related to staff as well as some high-level patient records. NHS Birmingham East and North reported the incident as soon as they were made aware.
The ICO have concluded that whilst some files were restricted and more difficult to find, file security was generally poor.
Acting Head of Enforcement, Sally-Anne Poole, has said that the local Trust has reviewed its data security policies and is taking steps to prevent unauthorised and insecure access in future. A new and improved network management system is likely to be installed alongside the policy reviews to prevent further breaches.
"It's vitally important that IT networks storing personal information have robust security measures in place," she said. "Whilst nobody outside of the Trust environment was able to access the files, problems with the security of the network still led to a situation where sensitive information was potentially available to NHS staff that did not need it to carry out their daily role."
The Chief Executive of NHS Birmingham East and North has signed a commitment to train staff about data protection and access issues, in addition to a comprehensive technical review.
According to PHS Datashred, a leading data destruction firm, this latest case follows 2,565 data breaches recorded since April 2010.