Monday, 4 April 2011

NHS IT Systems Security

Several times in the past we have mentioned the lack of good security provided by the NHS and its IT systems, the NPfIT in particular. Now see from this news just how bad it is.

News broke in the US last night EST of what may turn out to be the biggest ‘exposure’ of consumer personal details in retail history. A broad spectrum of companies doing business with Epsilon warned customers over the weekend that some of their electronic information could have been exposed. These included pharmacy chain Walgreen, video recorder TiVo Inc, credit card lender Capital One Financial Corp, and teleshopping company HSN Inc. Other targets are also thought to include some of the nation’s largest banks, while some 5,900 college databanks were also compromised.

Aside from the crucial libertarian considerations, over here in the UK too this sort of thing is expensive. The average cost incurred by a data breach rose by 13% compared with 2009 to £1.9 million, with the highest loss incurred by a UK company being £6.2 million, a rise of £2.3 million from the previous year. But the biggest culprit (i.e., victim) of data breaches is the NHS - an area of life where, even today, most people truly do not want anyone knowing about their problems – either through embarrassment, or insurance/employer considerations. The NHS reported 305 breaches between 2007 and 2010, according to the Information Commissioner’s Office’s (ICO) figures. Of those, 116 were due to stolen data or hardware, 87 were due to lost data or hardware... but only 43 cases were disclosures due to error.

How bad has it got to be before legislators take action? Bad enough for action only when MPs' details end up in the public domain. Until then Joe Public isn't considered to be worth worrying about.