The security risks associated with storing personal data on a USB stick were highlighted last week following the apparent theft of an unprotected stick at the Nottingham University Hospitals Trust.
According to a report on the E-Health Insider newswire, USB sticks are widely used by junior doctors in the hospitals trust as a means of storing confidential patient data.
Normally, says the newswire, the data is protected using encryption, but it quotes a foundation year one doctor as saying this is not always the case.
This security lapse was highlighted, says the newswire, when a USB stick containing “highly confidential patient data” was stolen from a junior doctor.
Calum Macleod, European director at security specialist Cyber-Ark, says the practice of storing patient data on an encrypted USB stick is fine in theory, but a nightmare to administer. “Enforcing a policy of encrypting patient data stored on USB sticks is almost impossible, so it’s hardly surprising that there should be a security scare,” he says.
“The Hospitals Trust would do well to consider storing the data centrally on a highly secure, encrypted and protected digital vault, and have the medical staff access that information securely across a network,” he adds.
According to Macleod, what the solution loses in terms of convenience is more than made up for in terms of patient privacy and elimination of the possibility for legal action.