Confidential patient data lost on unprotected USB Stick

The security risks associated with storing personal data on a USB stick were highlighted this week following the apparent theft of an unprotected stick at the Nottingham University Hospitals Trust.

According to a report on the E-Health Insider newswire, USB sticks are widely used by junior doctors in the Hospitals Trust as a means of storing confidential patient data.

Normally, says the newswire, the data is protected using encryption, but the newswire quotes a foundation year one doctor as saying this is not always the case.

This potential lapse of security was highlighted, says the newswire, when a USB stick containing "highly confidential patient data" was stolen from a junior doctor.

Calum Macleod, European Director for Cyber-Ark, a company specialising in protecting sensitive data for companies and their customers, said the practice of storing patient data on an encrypted USB stick is fine in theory, but a potential nightmare to administer.

"Enforcing a policy of encrypting patient data stored on USB sticks is almost impossible, so it's hardly surprising that there should be a security scare over the theft of a stick from a junior doctor," he said.

"The Hospitals Trust would do well to consider storing the data centrally on a highly secure, encrypted and protected digital vault system, and then have the medical staff access that information securely across a computer network," he added.

According to Macleod, what the solution loses in terms of convenience is more than made up for in terms of patient privacy and, of course, the removal of the possibility of legal action if things go wrong.