Another day, another data breach. The BBC reported today that a memory stick containing health records from a nearby secure hospital facility was found by a 12-year old boy in a supermarket car park in the UK. The information contained records of violent patients from the Tryst Park severe mental health unit at Bellsdyke Hospital, along with information about staff.
This is really getting silly. As a spokesperson from the health authority NHS Forth Valley said “We have clear policies in place on the safe use of portable data devices.” It seems that these clear policies either:
- weren’t clear
- didn’t cover the Asda Car Park
- were ignored
As mentioned before in the Accellion Blog the best idea with portable flash devices and USB sticks is DON’T USE THEM to transfer sensitive information - file transfer via USB stick is not a good idea. Abstinence in this case really does seem the best idea. Accellion secure file transfer technologies make it possible to quickly, securely and efficiently transfer sensitive information thus avoiding creating headline news such as today’s.
Another side benefit of using secure file transfer, other than securing the transfer of files, is it makes staff more conscious of the handling of confidential information. Did the person who dropped the USB stick in the car park really mean to take the records to Asda, or did they just forget the USB stick was in their pocket, which just happened to have a hole in it? In the case of information security humans are often the weakest link.
Sometimes safeguards are just that, they guard people from their own mistakes. So next time you visit the local supermarket check your pockets beforehand.