We live in an age where data is increasingly stored online. This is a bonus for many reasons. It makes it easier to retrieve lost data if things go wrong, but it also leaves us vulnerable to hackers and cyber criminals. A data retrieval company can restore client data if a server crashes, but unless there are sufficient security protocols in place, confidential data is a ticking time bomb waiting to happen.
Data Breaches an Epidemic
Data breaches are reaching epidemic proportions. Just as the dust settles on one major data breach, media outlets are reporting on another. In the UK, thousands of National Health Service staff have been left reeling after news broke of a major security attack that released personal information into the public domain. The data breach took place last year, but the data company in charge of IT security only notified the health board at the beginning of January.
Whilst that breach is serious enough, it pales into significance with news that the UK Information Commissioner is investigating concerns that 26 million patients are at risk of sensitive information being shared with unauthorized individuals. The scrutiny comes after it was revealed that one of the most popular data systems used by GPs allowed for enhanced data sharing, which meant anyone could search for sensitive information in a patient’s medical record, even if they had no reason to look.
Enhanced Data Sharing a Risk
The enhanced data sharing capability is used to allow hospitals to access a patient’s medical records. Open access to medical records is essential if a patient attends an outpatient clinic or is admitted to hospital in an emergency. Without access to information contained within the medical records, doctors would struggle to provide bespoke care and make the correct treatment decisions. However, the problem with allowing enhanced sharing is that anyone within the system can look up a patient’s confidential medical records.
Privacy campaign group, med Confidential has described this as a “truly devastating breach”. The head of the British Medical Association’s IT committee has warned GPs using the SystmOne online system that they face a flood of complaints from upset patients and they need to take “urgent action”.
The SystmOne platform is installed across 2,000 different institutions, including prisons and clinics. Information stored on SystmOne is accessible to anyone using the system, irrespective of his or her location.
Data Protection for Patients
Privacy Protection Law states that all patients must be informed if their data is being shared and other people have access to it. Unfortunately, in the case of the SystmOne security breach, patients have not been informed. If this information is accessed for malicious reasons or sensitive data is leaked into the criminal domain, the consequences are potentially disastrous.
The Information Commissioner is now in talks with the owners of SystmOne (TPP) and NHS Digital to find a way to resolve the issue. In the meantime, all doctors have been advised to turn off the enhanced data sharing capability of the system to prevent unauthorized access of sensitive patient records.
- Know The Enemy: Common Vulnerabilities in Public Cloud - November 26, 2019
- Important Information about Medicare Card - November 25, 2019
- Running a Small Business: What You Need to Know That Nobody Tells You - August 16, 2019
- Celebrate the Italian Way in Princeton this Fall - August 3, 2019
- The Newest trends in Bridal Jewellery - March 15, 2019
- Where to Find Affordable and Reliable Dutch Translation Services? - February 11, 2019
- Tips for Organising Memorable Hen Parties - September 25, 2018
- Are You a Banjo Beginner? How to Choose a Proper Banjo for Your Needs - June 8, 2018
- How to Make the Most of Your car Racing-Themed Vacation - December 22, 2017
- Will Reading Glasses Soon be a Thing of the Past? - December 7, 2017