Three missing USB memory drives have prompted the Ashford and St Peter’s Hospitals NHS Trust to sign an undertaking with the Information Commissioner's Office. The missing devices, which did not use full disk encryption, held cancer patient data.
The data included full treatment and diagnosis of cancer patients, and was stored in Microsoft Word format. This last detail is sufficient to deem that the information "could have been easily accessed by anyone with use of a computer." (I've often wondered about this. More on that later.)

The USB sticks were used to transfer patient data at "weekly multi-disciplinary clinical team meetings." (More on this later as well.)
When sensitive data goes missing, spokesmen for the affected organizations often proclaim that the risk of accessing the data is low because it's stored in an uncommon (not easy to access) format. I've often wondered what this means.

I've often presupposed that it meant the missing files were stored in a relatively "obscure" format like Microsoft Access (a database program, if you're not familiar with it).

Only in a couple of cases was the missing data in a proprietary format (meaning the software was custom-built for a company and cannot be found off the shelf). Just because data happens to be saved in a proprietary format doesn't mean that it cannot be read, however.

I remember testing out Google Desktop back in the day. It's software that, among other things, indexes your computer's files for easier and faster search.

My recollection may be wrong, but I seem to recall that Google Desktop was able to find content within files that I had forgotten about: files whose corresponding applications I had deleted in order to free up some space. With such search software (and there are many others similar to Google Desktop, but geared towards mining information, such as SSNs), the format of a file doesn't matter.

About the only thing that can stop such software from finding sensitive information is encryption software; in the above case, file encryption.
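To show what "the format of a file doesn't matter" means in practice, here is an added example (my own code, not from the post or from any product named in it): a small content-discovery pass of the kind a desktop-search or DLP scanner runs over lost media. It unpacks zip-based containers such as .docx, pulls ASCII and UTF-16LE text runs out of anything else, and then looks for NHS numbers by validating the modulus 11 check digit. The three sample files are constructed here; the "encrypted" one is deterministic pseudo-random bytes standing in for ciphertext, not real encryption.

```python
import hashlib
import io
import re
import zipfile

ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
NHS_CANDIDATE = re.compile(r"\b(\d{3})[ -]?(\d{3})[ -]?(\d{4})\b")

def extract_text(data: bytes) -> str:
    """Recover readable text from bytes without knowing the format.
    Zip containers (.docx and friends) are unpacked and each member is
    scanned; any other blob yields its ASCII and UTF-16LE runs."""
    if data[:2] == b"PK":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return " ".join(extract_text(zf.read(n)) for n in zf.namelist())
        except zipfile.BadZipFile:
            pass
    plain = re.sub(rb"<[^>]+>", b" ", data)  # XML tags become separators
    runs = [m.decode("ascii") for m in ASCII_RUN.findall(plain)]
    runs += [m.decode("utf-16-le") for m in UTF16_RUN.findall(data)]
    return " ".join(runs)

def valid_nhs_number(digits: str) -> bool:
    """Modulus 11 check digit used by NHS numbers (weights 10 down to 2)."""
    total = sum(int(d) * w for d, w in zip(digits[:9], range(10, 1, -1)))
    check = 11 - total % 11
    if check == 11:
        check = 0
    return check != 10 and check == int(digits[9])

def find_nhs_numbers(text: str) -> list:
    found = []
    for m in NHS_CANDIDATE.finditer(text):
        digits = "".join(m.groups())
        if valid_nhs_number(digits) and digits not in found:
            found.append(digits)
    return found

def build_samples() -> dict:
    """Constructed stand-ins: a .docx-style zip, a legacy binary blob that
    stores UTF-16 strings, and pseudo-random bytes in place of ciphertext."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml",
                    "<w:p><w:t>Diagnosis: stage II. NHS 943 476 5919</w:t></w:p>")
    legacy = "Treatment plan for NHS 9434765919".encode("utf-16-le")
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))
    return {"notes.docx": buf.getvalue(), "legacy.dat": legacy, "enc.bin": noise}

def scan(samples: dict) -> dict:
    """Map each sample name to the valid NHS numbers recoverable from it."""
    return {name: find_nhs_numbers(extract_text(data)) for name, data in samples.items()}
```

The Word-style and legacy files both give up the same record; only the ciphertext stand-in yields nothing, which is the whole argument for encrypting the stick rather than relying on the file format.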
One of the more frequent comments I read when sensitive information goes missing is "sensitive information should always be on a secure server, and accessed via some dumb terminal," or something thereabouts.

My own stance has been, yes, but there are always exceptions, and this is probably one of them. Medical establishments are generally a mishmash of different technologies. The truth is, whatever technology one has in place probably cannot cater to the demands of a multi-disciplinary team.

That is why methods that don't follow the workflow in place are invented and used, the transfer of data via USB sticks being one of them. Instead of blowing money on a custom-built solution that promises more than it can deliver, a more pragmatic approach may have more impact: for example, using USB drives that are protected with whole disk encryption. The devices are already being used, and it's just a small step to secure them.
Related Articles and Sites:
http://www.databreaches.net/?p=8001
http://www.ico.gov.uk/upload/documents/library/data_protection/notices/ashford_hospital_undertaking.pdf