Document Management News Category Table Lax IT security measures led to NHS data breach in Birmingham

Lax IT security measures led to NHS data breach in Birmingham

21 April 2011 | Last Updated on 21 April 2011 | Written by Staff Reporter | PDF | Print | E-mail

NHS Birmingham East and North breached the Data Protection Act by failing to restrict access to files on their IT network, the Information Commissioner’s Office (ICO) announced today. The breach led to some NHS staff at their own Trust and two other NHS Trusts nearby potentially being able to access restricted information.

NHS Birmingham East and North reported the breach to the ICO in September last year after discovering that electronic files, stored on a shared network, were potentially accessible to their own employees and the employees of two other local Trusts. The files contained information relating to thousands of individuals, including members of staff. Although health records were not compromised as part of the breach, the files also contained some high level information relating to patients.

The ICO’s investigation has found that, while most of the files were not easily accessible and some security restrictions were in place, file security in general was inadequate.
Acting Head of Enforcement, Sally-Anne Poole said:

“It’s vitally important that IT networks storing personal information have robust security measures in place. Whilst nobody outside of the Trust environment was able to access the files, problems with the security of the network still led to a situation where sensitive information was potentially available to NHS staff that did not need it to carry out their daily role.“We are pleased that NHS Birmingham East and North has agreed to improve the security of its network as well as reviewing the processes it follows when handling personal data.”

Denise McLellan, Chief Executive of NHS Birmingham East and North, has signed an undertaking to ensure that adequate technical security measures are in place to prevent unauthorised access to personal data. The Trust will also make sure that comprehensive policies are established regarding the storage and usage of personal data and that staff receive the necessary training on how to follow them.
A full copy of the undertaking can be viewed here:

http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/taking_action.aspx#undertakings

Search

Get The News Wire

Sign Up for the Document Management Newswire to get the latest news straight in your inbox

First Name:
Email

Capcha




Links
Document Management Software
Document Management Solutions
Book a Product Demonstration
ERP Integration

 
Company Information
Partner & Reseller Programme
Latest News
Free Seminars

Websites
V1 Document Management
Document Management
Eco Gecko
Document Management News

Version One Ltd - Document Management & Imaging
Registered in England, No: 2443078 - VAT Registration No: 927547983 - © copyright 2011