In case you missed it last week, read round 1. I don’t know why these drives are not put on lock down through Group Policy when it comes to medical record information. I lecture physicians myself all the time about this issue. Hospitals still allow the doctors to use them at their facilities too, so what gives here? The hospitals need to lock these devices out and use a secured VPN for this type of activity when documents are needed for patient files.
Even though this happened in the UK, it could happen anywhere. The officials stated this was the first time something like this has happened, and I think it is rather the first time something like this was reported, as the odds of losing a flash drive are huge. The story last week tells about the drive being found at the car wash, so indeed this is the 2nd time of an incident like this being reported, not the first. People like to take short cuts too on the ones that are encrypted too and not use a password or the software on the stick and simply copy and paste, which defeats the entire purpose of having a way to secure the data stored, such as this situation.
The Department of Defense has locked USB drives out of the system after a worm from the drive infiltrated their system, so again I ask why does someone not address this situation. It is a bomb waiting to explode in more ways than one. Now we also have MRI machines infected with the Conflicker virus too? Security needs to be job number one. BD
A computer memory stick containing the records of thousands of hospital patients in Bradford has been lost.
Bradford Teaching Hospitals NHS Foundation Trust has started an investigation and admitted "established procedures were not followed".
It has written to 2,650 patients whose details were stored on the device and 3,000 others on its waiting lists whose records may also have been lost.
It is believed she took the non-secured memory stick off trust premises last month and lost it in the library of Leeds Metropolitan University.
In a letter to patients, trust chief executive Miles Scott said: "I am writing to inform you that on Tuesday 21 April 2009 a computer device (USB memory stick) containing patient information was lost from the foundation trust.
One heart patient, who wished to remain anonymous, told BBC News he feared his personal details might already have fallen into the wrong hands.
Since the data was lost he said he had received "funny emails and phone calls" purporting to be from various banks.