Data breaches can have devastating consequences – and one recent incident overseas has illustrated the extent of the damage this type of negligence can cause.
A security breach at one UK health trust has highlighted the importance of keeping data protected – and underscored the risks that enterprises of all types can face when they fail to do so.
The UK Information Commissioner’s Office (ICO) reported this week that one publicly-funded healthcare organisation inadvertently leaked the details of 59 palliative care patients to an external source over a three-month period.
This sensitive information, which was intended for the St John’s Hospice, included details about the patients’ family life, medical treatment and instructions for resuscitation.
In March 2011, Central London Community Healthcare NHS Trust began faxing these details to the wrong recipient – with a total of 45 faxes sent over a three-month period.
In June last year, the recipient informed the healthcare provider that it had been receiving – and destroying – this sensitive data.
Checks carried out by the ICO revealed that there were insufficient measures in place to ensure that information was being correctly delivered to the right people, and as such, the healthcare body was fined a total of GBP90,000 (approximately $144,635) for the data breach.
Having the right security processes in place, according to the ICO’s head of enforcement, is essential – especially when it comes to protecting sensitive data such as medical records.
Stephen Eckersley said: “The fact that this information was sent to the wrong recipient for three months without anyone noticing makes this case all the more worrying.”
While this incident occurred overseas, it serves as an important reminder of the consequences of data breaches – both from a financial standpoint and in terms of the damage to an organisation’s reputation.
Enterprises that deal with sensitive information – whether this is in the form of medical details, financial records or other personal information – may wish to have their security processes assessed through penetration testing.
This can help to expose vulnerabilities in your system before they are discovered by malicious parties, who can cause significant embarrassment, reputation damage and financial losses to your organisation.
If your business is also evaluating new technologies, you might want to arrange for a security due diligence assessment to be carried out. This can identify any compliance gaps and allow your decision-makers to make an informed choice about how best to proceed.