Reply to post: Re: "This helps to ensure that ... data is kept safe and secure"

NHS slaps private firm Health IQ for moving Brits' data offshore

TitterYeNot

Re: "This helps to ensure that ... data is kept safe and secure"

"So what they're saying is: if it's stored in a cloud hosting provider in the UK, it's safe; if it's stored in a cloud hosting provider outside the UK, it isn't.

Except there is this thing called "The Internet" which connects all the clouds together."

Having briefly scanned the audit report, I don't think that's quite what the auditors are saying. I can't see any reference to data being stored in a non-UK datacentre, but I do see a reference to aggregated data in the London data centre being available 'online' i.e. presumably internet facing, and so available to users in other countries (that's probably why the London data centre is no longer used.)

This is most likely what the main point of the story is - servers storing NHS data should never be accessible via the internet, only via internal LAN / WAN (with WAN connections encrypted over point-to-point VPN.)

The only other failings I can see in the report are the usual suspects - logins shared between 2 admins, unlocked unattended laptops, poor audit trail for information governance training etc. etc.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019