A London health authority has admitted losing a laptop which contains 8.6 million health records. The machine was lost three weeks ago, but has only just been reported missing to police and the Information Commissioner's Office. We've asked North Central London health board why it needed to store 8.63 million health records on …
What, again!!
I can't believe that once again, private information has been pinched ("lost from a storeroom") - what a load of bullsh*t. Password protected can be got around; it needs proper encryption. I guess the saving grace (if true) is that no names were on there. As a slightly unrelated side note I did some work for the MoD but at lunchtime everyone disappeared leaving me alone with many computers with no screen saver passwords. I'm so glad we've got a good secure defence strategy.
no names = good?
Seems to me like the rest of that info, used sensibly, could be way better than a mere name for identifying somebody.
"our policy is to manually delete the data from laptops after the records have been processed"
They were lost from a storeroom, so that policy was apparently not being followed then was it?
So basically this is a non-story?
I mean, what else is there to say?
"See icon -- What else is there to say"
Well... you don't *have* to say anything.
Especially for a lightweight story --- a Daily Fail worthy "blackmailer's starter kit", but on 8 million nameless records. Yes, a statistician can get some correlations out of it, but I'd like to see the resulting blackmail.
<<Dear Sir/Madam, as a male resp. female from London N7 you have a 12% resp. 9.5% chance of mental health problems, and 3.2% resp. 3.1% chance of diabetes --- give us £500 or we'll write a letter addressed to "Any Woman on this address" resp. "Any Man on this address".>>
It does actually...
So then you know how higher incidence of a complaint over others, next thing funding gets shifted?
It doesn't matter that 95% of statistics are utterly useless, it matters that you have them. With stats comes power, usually power to subvert funds from one application to another. The stats are total bollocks but if you're clever enough to blind those with the purse strings you get to drive a big car and live in a big house!
A postcode covers a very small segment of houses.
In those houses, there will be a limited amount of people with the correct ages and genders.
This information is generally available from a variety of places (council records etc).
Given the spread of data, you'll be able to determine the date at which the data was captured, giving you the definite ages of people now.
This kind of info is highly embarrassing for people who wish to keep past mental history away from the limelight, and other health information.
It's no great shakes to uniquely identify someone from a list like this.. Unless it's all been correctly pseudonymised, such that the laptops only contain tokens for the postcodes (and possibly ages) that can only be accessed by coupling the research back to an originating data set as the final point of calculation.
Have none of these muppets heard of TrueCrypt??
...is great, as long as the user doesn't leave the decryption password on a post-it/sticker on the laptop case/keyboard...
IT security is only as good as the users who have to use it.
I usually disapprove of swearing
but in this case I think you were very restrained.
Sadly I doubt the ICO will do anything useful.
ICO springs into inaction.
I bet the ICO are urgently preparing "words of advice" as we speak
Bit misleading wot
Sensationalist bollocks...these were anonymous records. I'm more concerned that the NHS is losing so many laptops!
May be anonymous, but...
...postcode, age, gender, hospital visits, mental illness, etc.
You can deduce a hell of a lot from a database. Suggest you look up "database inference".
anonymous records can be identified
The records included "age, gender, postcode" --- enough to tie them to real people.
"The records contain no names but do include other identifying information like age, gender, postcode, medical history, hospital visits, HIV status and mental illnesses"
Anonymous? How many of your neighbours share your birthdate and gender?
re a bit misleading
because re-identification of records from age (probably also date of birth) and postcode is impossible. So patient's HIV status or record of mental health problems are completely safe.
Find someone with a nice embarrassing condition - now then - how many people share that postcode? Let's say 20. How many are men? Ok, let's say 8. How many are 43 years old? You do see where I'm going here, don't you?
Or maybe you'd like something a little more sinister - Pick a celeb, start with postcode etc etc. Would anyone put this past the tabloid press?
Not feeling quite so smug now, are ya?
Let's analyse this statement a bit, shall we?
"All the laptops were password protected"
means - We created an account in Windows with a username and password of admin/admin.
"our policy is to manually delete the data from laptops after the records have been processed."
means - We require staff to spend time doing something boring and long winded, ensuring that no-one bothers.
"We have started an investigation into the issues raised by the loss."
means - We are paying a consultancy agency several hundred thousand pounds to recommend that we start using encryption.
Can anyone recommend a good health provider?
So, does anyone know of a health provider that takes data security seriously? Preferably one that still uses paper records. (You can't easily walk out the building with 8.6 million paper records, then accidentally leave them lying around on a bus).
"NHS North Central London operates under strict data protection guidance and is taking the matter extremely seriously."
Hmmm... every company works under strict data protection *laws*, whether you choose to comply with them, as NHS Central London clearly do not, is another thing.
True, they just couldn't be arsed.
Also, I believe the NHS head office or whatever has forked out for an encryption solution for the entirety of the NHS; this office could have used that at no cost to them.
Contrast the following statements:
"All the laptops were password protected and our policy is to manually delete the data from laptops after the records have been processed."
"The machine was one of 20 lost from a storeroom at London Health Programmes - a research body based at NHS North Central London"
So the machine was obviously inactive and stored. If the policy is to delete the data after processing, how the holy fuck could it have 8.6m records on it? Answer: their response is bullshit; said policy's an arse-covering piece of paper that no-one actually reads, let alone enforces. Dammit, how hard is it to DBAN a laptop when it comes back in and reimage it before reuse?
Re: Wait, what...?
I got stuck on this same point as well: why are there 8.6m records on a machine that isn't assigned to anyone and is stored? If the machine hadn't been stolen, then you can be sure the _next_ user would have had access to those same records. For that matter... the stores people would have had access to that data if one of the staff wanted to use the machine for something _non-official_!
People should be fired..
Fines don't work (it will be the tax payer who ends up paying anyways); kick out the management and make an example of them all.
The story doesn't make much sense, "One of the machines was used for analysing health needs requiring access to elements of unnamed patient data. All the laptops were password protected and our policy is to manually delete the data from laptops after the records have been processed"
"The machine was one of 20 lost from a storeroom".. So why wasn't the data deleted? How many more machines are lying around that health authority with data on them?
Is it about time
That the government laid down some standards on data usage & storage... especially that they DO NOT carry such data on laptops but can terminal onto a server via VPN with crypto & good security to process it on internal systems ^o)
They have done...
... a few years ago, and that's exactly what it says. Look for IAS 6 - Information Assurance Standard No. 6.
I've lost a few National Health records myself - the vinyl ones that Dave Stewart and Alan Gowen (and others) were responsible for.
Note to self - Don't put all your EGGs in one basket. (gettit ;-))
Why the fcuk indeed
TrueCrypt is free if they're really worried.
Why oh why does any business (or individual) with a laptop not encrypt the contents. Completely.
At least there's some security by obscurity - Mrs Moggin's corrective procedure for arse grapes will take a while to find.... :-o
So everything on *your* laptop is encrypted and then decrypted every time you do anything on it?
Even if you say "yes", I don't believe you.
Perhaps it's time for you to upgrade from your 286 and discover the power of 32-bit computing!
yes mine is, using the NHS's UK-wide site-licence,
why these muppets didn't use it who knows?
TrueCrypt and other file / container based encryption solutions only encrypt the files / directories you want. If an application saves data outside that path, it is unencrypted.
My corporate has two HDDs, both encrypted with "Full Disk" encryption from Check Point.
Even the boot sector, page file, operating system, temp files area and empty space are encrypted - therefore there is no opportunity for sniffing information from anywhere.
Performance impact...? Well you need dedicated testing equipment to tell but it is between 0.5 to 2% - not enough for the user to notice.
Look, that's not EXACTLY a big ask...
...given that TrueCrypt and many commercial products do whole disk encryption; the disk is encrypted, and unscrambled when the user either provides the password or some form of token (biometric, smartcard, whatever). It's policy here now that all laptops are encrypted before issue, so yes, everything on the laptop *is* encrypted and then decrypted before being worked on. Whatever you may believe.
Full disk encryption takes care of that, not like you have to manually decrypt the file and then re-encrypt it.
Kinda think you might not have looked into the range of encryption solutions available
Yes my entire drive *is* encrypted
Er, yes, yes everything I do is on an encrypted drive.
What's wrong with that?
TrueCrypt and USB
You can even set TrueCrypt to automatically decrypt and mount an encrypted USB stick using the password that is entered on boot-up - so easy for users now there is no excuse!
policy, procedure, implementation
"our policy is to manually delete the data from laptops after the records have been processed"
"The machine was one of 20 lost from a storeroom"
It was in a storeroom, waiting for records to be processed?
Doesn't add up
strict data protection guidance...
delete the data from laptops after the records have been processed...
was one of 20 lost from a storeroom...
So why did a laptop in a store room have these records on it if they should be deleted after processing? Surely if it was in a store room it was no longer being used and should have had all data wiped?
It's OK, it's all "alleged"
That response is an arse-covering load of crap.
Laptop passwords have one great weakness
Anyone who thinks that 'concerning' is an adjective
should not be a spokesperson for the ICO or any other body.
How the hell did this happen?
I'm an NHS IT support worker. (Don't laugh!)
The Trust I work for was told several years back from the very top of the tree (the information overlords of the NHS) that ALL mobile devices are to be encrypted. Our Trust has carried this out, as I'm sure have lots of others (otherwise it's balls in the vice time) ... so how the hell has this happened.
Anon cos of concerns about my job.
Alternative to fines
Rather than fining the health authority, all the money used to pay the fine will come from the NHS money that is supposed to be for treatment. Give a few months' salary of the muppets who have responsibility of the laptop. Therefore they will have to explain to their families why they have no pay for a few months. This will drive the message into their brains.
NHS Spine Stuff?
Is this the reality of that NHS Spine stuff? Is this the kind of security that our Detailed Records (the ones you can't opt out of) are subject to?
Sounds like a "testing database" to me
I have seen it all...
Not Anonymous Data
"The records contain no names but do include other identifying information like age, gender, postcode, medical history, hospital visits, HIV status and mental illnesses."
If this is the full postcode, then they are normally specific to about 15 houses. So it becomes rather easy to tie together age, gender and postcode, with other public data like the electoral roll, to get a list of 1 or 2 possible people for each record.
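The point made in the comment above, seen from the data holder's side, as an added example that is not part of the original thread: a k-anonymity check over the quasi-identifiers the article lists (postcode, age, gender), run before and after generalising them. The rows, function names and the threshold of 3 are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample rows: (postcode, age, gender, condition code). Not real data.
RECORDS = [
    ("N7 0AA", 43, "M", "A"), ("N7 0AA", 44, "M", "B"),
    ("N7 0AA", 47, "M", "C"), ("N7 0AB", 41, "M", "A"),
    ("N7 0AB", 29, "F", "B"), ("N7 6XX", 23, "F", "C"),
    ("N7 6XX", 27, "F", "A"), ("N19 3ZZ", 65, "F", "B"),
    ("N19 4YY", 61, "F", "B"), ("N19 4YY", 68, "F", "B"),
]

def exact(postcode, age, gender):
    """Quasi-identifiers as stored: full postcode, exact age, gender."""
    return (postcode, age, gender)

def coarse(postcode, age, gender):
    """Generalised: outward postcode only and a 10-year age band."""
    low = age // 10 * 10
    return (postcode.split()[0], f"{low}-{low + 9}", gender)

def classes(records, generalise):
    """Group the sensitive values by (generalised) quasi-identifier tuple."""
    groups = defaultdict(list)
    for postcode, age, gender, condition in records:
        groups[generalise(postcode, age, gender)].append(condition)
    return groups

def k_anonymity(records, generalise):
    """Smallest equivalence class; k == 1 means at least one row is unique."""
    return min(len(v) for v in classes(records, generalise).values())

def rows_below_k(records, generalise, k):
    """Number of rows that sit in a class smaller than k."""
    groups = classes(records, generalise).values()
    return sum(len(v) for v in groups if len(v) < k)

def homogeneous(records, generalise):
    """Classes whose rows all share one condition: group size hides nothing."""
    groups = classes(records, generalise)
    return sorted(key for key, v in groups.items() if len(set(v)) == 1)

if __name__ == "__main__":
    for name, g in (("exact", exact), ("coarse", coarse)):
        print(name, "k =", k_anonymity(RECORDS, g),
              "rows below k=3:", rows_below_k(RECORDS, g, 3),
              "homogeneous:", homogeneous(RECORDS, g))
```

With full postcodes every constructed row is unique (k = 1); after generalisation k rises to 3, yet the N19 group still shares a single condition, so class size alone is not a sufficient release test.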
I was wondering how you could get any useful information just having a postcode, your mentioning full postcodes makes much more sense now. Being from OZ our post codes encompass (what sounds like) a much larger area and in many metropolitan areas could cover many tens of thousands of people.
TrueCrypt? Why go to that much heartache....
Why don't they just use the McAfee end point software that the NHS centrally licensed some years ago? (I know the agreement has ended, but the organisations still own the licenses!)
TrueCrypt is fine if you want everyone to be an administrator. Oh wait..... that's bad too.
Absolutely NO excuse for an unencrypted laptop though. Someone should be fired.
Yet, they threaten me with eviction if..
..I don't let their staff keep records of me on their flaky system.
It explains why I received this letter today, the important part here being:
"I understand this is due to your reluctance to have any information recorded on our computer system, RiO. However I am concerned that this means we can no longer see you to assess you mental health needs, and inturn, cannot provide a service to you.
Although this is your choice and right to decide, I believe part of the criteria for residing at XXXXXX is that you have a Care Co-ordinator and are seen by the community mental health team for support"