This even happened in the UK, but it can happen anywhere. I have seen it here: flash drives lost containing patient information, and sometimes not encrypted either. Most of the manufacturers today include a menu whereby information can be encrypted, but there are many that do not.
Why in the world do hospitals and other healthcare agencies still allow unlimited use of these devices? This is not only a security breach waiting to happen, but also a potential virus or worm infection for the network. Read the link below on what happened to the Department of Defense: the worm got in via a flash drive! This is not to say flash drives are not useful, by any means. Carry your pictures and whatever information you want, and encrypt the information if it is valuable, but quit carrying patient health care information around on the drives if you are a health care professional.
Patient information should remain on secured servers, and as you read in this story, the drive was found at the car wash, a wonderful place for patient records to be lying around. With a network, Group Policy and Active Directory, exceptions can be made for those who absolutely need to transfer information in this fashion, but again, that kind of data would more or less fall outside of patient data, such as administrative files. There are also flash drives that store access information, so that could be another good use, with tokens that need to match as well. But again, what I am talking about here are physicians typing up Word documents with vital patient information and carrying them around on a flash drive with no encryption, which should not be done. An IT department will also have the skills and knowledge to work with flash drives, and they set the policies. Another good idea is to have antivirus software on the drive, as the DOD learned in a hard lesson in this area. BD
A hospital trust in Cambridgeshire has been ordered to tighten security after a memory stick with medical treatment details of 741 patients went missing.
Cambridge University Hospital NHS Foundation Trust, which runs Addenbrooke's Hospital, was found to be in breach of the Data Protection Act.
The memory stick, which was privately owned, was discovered by a car wash attendant who was able to access the contents to establish ownership and returned it to the Trust.
Three other health trusts have also been found to have breached the Data Protection Act: Central Lancashire Primary Care Trust, North West London Hospitals NHS Trust and Hull and East Yorkshire Hospitals NHS Trust.