NHS slaps private firm Health IQ for moving Brits' data offshore

Health iQ ... are leaders in real world data with an outstanding NHS informatics and health intelligence heritage

They seem to have been a very unremarkable small company operating out of serviced office premises in Whitechapel until the end of their accounting period on 31st Jan 2014. Then suddenly it seems they acquired substantial debt and a compensating sizeable chunk of "intangible assets", apparently in the form of a patent license of some kind, so it looks like they have some ambitious plans for the data they hold.

The "offshore" bit is perhaps the least concern - they're using servers based in Ireland. More worryingly, they were sharing passwords to the NHS Secure Electronic File Transfer system from which they obtain the NHS data. They are currently not in receipt of NHS data until the audit issues are addressed, but the audit suggests they only conduct a penetration test of their new system (presumably after relocating from Ireland) "once Health IQ has received a full data set": I would have thought one would conduct the penetration test (to the extent they're useful) before loading the system with live health data. Also, their staff were leaving the office leaving their laptops unlocked with access, presumably, to the raw NHS data. The audit also says that the contracts with Health IQ customers - sub-licences for the NHS data - were undated and used scanned signatures.

Having said all that, I suspect a snap audit of a hospital would find a great deal worse...

