Last week the NHS reported four more data breach incidents, two involving USB flash drives containing sensitive personal info.  In one case, someone took the effort to encrypt the data, but then affixed the password with a post-it note.  In the other case, the flash drive was unprotected and left at a car wash.

Following an investigation, it became clear that the information contained on the memory stick was only looked at by the car wash attendant before returning it to the hospital.

It’s good to see health care organizations use encryption to protect patient data.  Unfortunately, good policy can be defeated with a simple post-it note.  Organizations can go a step further by remotely managing their portable devices.  With prompt incident reporting, a lost drive can be deleted or disable before the any data can be accessed.  And you have the audit logs to prove it.

Data Security, Government, Healthcare