A survey on the use of portable data storage devices in the healthcare sector found that two thirds use no or inadequate security and that half of those in the NHS use their own equipment to store data a basic breach of security practice.
The survey, which was conducted by Pointsec Mobile Technologies and the British Journal of Healthcare Computing & Information Management revealed that one fifth of the devices used to store data have no security on them at all and a further two fifths have only password-controlled access which does not guarantee security from hackers.
A quarter of respondents used passwords with another form of security, including encryption, biometrics, smart card and two-factor authentication. Respondents included information managers, IT managers, medical professionals. Two thirds of the 117 who responded to the survey were in the NHS and a quarter were suppliers to the sector.
The most common type of data stored was personal contact details (80%), while three quarters stored work contact details. Nearly two thirds stored corporate data and a fifth of the healthcare workers who were interviewed held security details which could include passwords, PIN numbers and bank account details.
it will only be a matter of time before these weaknesses are exploited. Mobile devices seem to be falling through the security net and our advice is that any NHS trust or organization downloading sensitive or patient records should automatically encrypt the information, commented Martin Allen, managing director of Pointsec.
