ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

NHS patient data sold on eBay

Kablenet.com

Published: 17 Sep 2007 14:18 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

An NHS trust is investigating how one of its hard drives containing confidential information was sold online.

The Dudley Group of Hospitals NHS Trust is trying to find out how one of its computers full of confidential medical information was sold on eBay.

Disposal of the trust's computers is carried out under contract to Siemens Medical Solutions, as part of a PFI agreement. Computer Disposals has a subcontract with Siemens to dispose of obsolete IT. All hard drives that leave the trust via this route should undergo data wiping which meets the government's standard of being overwritten three times.

The confidential data was discovered by researchers working on forensic data recovery methods at Glamorgan University. The university's research is sponsored by BT, which purchases 250 hard drives a year from places such as eBay and regional computer fairs. It then passes these to the university which attempts to recover data.

The research is designed to raise awareness in organisations of how easy it is to recover sensitive data when poor data-wiping processes are used.

The trust said that, together with Siemens, it has carried out an internal investigation into the incident and developed recommendations to prevent data from being left on unwanted hard drives.

"Unfortunately an investigation into how this particular hard drive has been openly purchased has not been able to identify the route at this stage, and the trust is continuing with its efforts to identify the source, including the possibility of theft," the trust said in a statement to GC News on Friday.

The recommendations developed by the trust include a change to the contract between the trust and Siemens concerning responsibility for the disposal of all IT equipment and the purchase of a degausser to ensure that hard drives are wiped before they leave the trust.

Sentry Posts Blog

Sentry Posts Blog
Guarding the network

What you need to know — and what you and your peers have to tell us — about security management in our new community group blog

Read more +

The trust board is expected to accept the recommendations when it meets later this month.

This summer a report from the Information Commissioner's Office highlighted a "horrifying" number of public-sector organisations that were guilty of careless breaches of personal information. It has received almost 24,000 complaints concerning personal information over the last year.

In one high-profile breach, an online recruitment system for junior doctors revealed highly personal information on application forms, including sexuality and religion.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with HP

Did you find this article useful?
10 out of 10 people found this useful


Talkback

Post a comment


Full Talkback thread

1 comment

  1. This is the government we should trust with our id... mmfb123

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:








Related Jobs

249098HD Service Delivery Manager Bishopsgate, London

Very strong influencing, problem solving and negotiation skills DESIRABLE - Data-mining (route cause analysis) - Analysis PERSONAL QUALITIES - ...

NHS Trust East Midlands Data Analyst 23,000 - 31,000

NHS Trust in the East Midlands is looking to build a team of Data Analysts. They are looking for a Senior Data Analyst who would have had experience ...

Business Analyst 30-35k plus benefits Banking Northampton

To formulate and present recommendations based on analysis in order to influence the decisions of senior project and business management. The ...

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers

Sentry Posts Blog

Mobile Linux Better For Mobile Busines...

Mobile Linux Better For Mobile Business Apps? Author: Eric Everson, MyMobiSafe.com As mobile Linux is carving it’s footprint on the future of mobile application development, the... More

Post a comment

DWP downplays security breach

The Department for Work and Pensions (DWP) has admitted that some of its staff have been forwarding passwords with password protected material. An email that was leaked on the 'Dizzy... More

Post a comment

How many headshots does one chairperso...

We got a strange request last week from the head of PR from Russian security experts Kaspersky. It seems although the company was very happy with the interview we recently carried with... More

Post a comment

Featured Talkback

On the contrary, if vendors were forced to stand behind their products it should increase innovation. It would force more, and better , testing before hitting the sales floor, resulting in fewer updates and less downtime for the consumer. At present the EULA removes responsibility from the vendor, and moves it to the user, which is a step backward. Make the vendor responsibility for their code.

By: ator1940

Read full story:
RSA: Vendor liability may stifle innovation