The NHS has been forced to apologize after another insider data handling error led to the exposure of more than 3000 patients’ details.
East Sussex NHS Trust sent a letter of apology to the affected individuals, claiming that personal information stored unencrypted on a USB stick was lost by staff, according to the BBC.
It was subsequently found by a member of the public and handed in, the report continued.
The CEO of East Sussex Healthcare NHS Trust, Darren Grayson, told reporters that the member of staff who had downloaded the data onto the removable media device had broken official hospital policy.
“It was an isolated incident and the trust takes the security of patients’ personal information extremely seriously,” he said.
Luke Brown, EMEA general manager at Digital Guardian, argued that human error is often overlooked when organizations work with sensitive data.
“There are numerous technologies out there designed to combat human error, and small investments can go a long way,” he added.
“When organizations deploy technology that protects data at source, it removes the risk factor associated with human error and insider threats. Furthermore, staff quickly become aware of the impact of their actions, leading to rapid behavioral changes.”
US-based non-profit the Online Trust Alliance revealed in a February report that a sizable 29% of breaches last year were “due to lack of internal controls resulting in employees’ accidental or malicious events.”
Data protection watchdog the Information Commissioner’s Office (ICO) gained the power during the past year to conduct compulsory audits of NHS bodies to check data handling.
Of the 1677 self-reported data loss ‘incidents’ from 2014/15, a staggering 439 came from the health sector, according to the ICO’s annual report. That amounts to just over a quarter of the total.
In comparison, the next biggest affected industry was local government, which reported 125 incidents, followed by education (79) and ‘general business’ (73).