Confidential data lost on unprotected USB Stick

According to a report on the E-Health Insider newswire, USB sticks are widely used by junior doctors in the hospitals trust as a means of storing confidential patient data. Normally, says the newswire, the data is protected using encryption, but it quotes a foundation year one doctor as saying this is not always the case. This security lapse was highlighted, says the newswire, when a USB stick containing “highly confidential patient data” was stolen from a junior doctor. Calum Macleod, European director at security specialist Cyber-Ark, says the practice of storing patient data on an encrypted USB stick is fine in theory, but a nightmare to administer. “Enforcing a policy of encrypting patient data stored on USB sticks is almost impossible, so it’s hardly surprising that there should be a security scare,” he says. “The Hospitals Trust would do well to consider storing the data centrally on a highly secure, encrypted and protected digital vault, and have the medical staff access that information securely across a network,” he adds. According to Macleod, what the solution loses in terms of convenience is more than made up for in terms of patient privacy and elimination of the possibility for legal action.