Reply to post: Re: Surprises?

UK hospital meltdown after ransomware worm uses NSA vuln to raid IT

h4rm0ny

Re: Surprises?

I believe (having worked in the NHS) that it was safer when all the data was stored at individual GP practices. Firstly, this prevented a massive treasure trove of data being collected which will inevitably be stolen (if it has not already). Rather than numerous small troves which had to be individually gone after and thus weren't pursued by intelligence agencies or criminals. Secondly, it inherently partitioned the data according to need. Someone couldn't find the sexual history of their partner or look up the address of someone they were stalking just because they worked at ANY GP practice. When we pointed this out, they told us only people who had agreed to strict privacy controls were given access. By this they meant the bit of paper that every GP secretary and anyone else signs without reading. We pushed and were told that all accesses were logged but we investigated and at the time they weren't (not that this takes the place of restricting access). I.e. they lied to some of the people actually responsible for this stuff! Maybe those controls are implemented now but the principle that far, far more people have access to this data than need it remains in place.

So no, I don't think it has made it safer even in principle. A thousand boxes, each individually locked and each containing a pittance. Or Smaug's heap of gold entrusted to whichever company's director is mates with the Health Secretary of the day. I know which I think is safest in principle.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019