Origin Storage says Canadian health data theft highlights case for multi-layered drive security

Basingstoke, 18th March 2011 - Reports from Canada about the theft of a hospital hard drive containing photos and videos of patients shows how easy it is for data drives to go missing in public areas, says Origin Storage.

And, says Andy Cordial, the MD of the storage systems specialist, the drive theft incident at Misercordia Hospital in Edmonton, Alberta, shows that - no matter what security policies an organisation has in place surrounding data security - hard-pressed staff will often take the easy option and ignore procedure.

"So what is the solution? Clearly security policies surrounding the security of patient data were in place at this hospital, but they just weren't followed, so the answer  has be to introduce multiple layers of security, which staff simply cannot circumvent, even if they want to," he said.

"Our own DataLocker range of PIN-protected portable hard drives (http://bit.ly/2vb6y9) is a good example of a multi-layered security system. Users can still have the benefit of AES encryption on the drive for security, but as an added measure, users must also know the passphrase of the security unit, without which they cannot access the data," he added.

According to Cordial, had the Edmonton hospital used such a device even if the thief walked off with the drive, the unit would have locked automatically, meaning that access to the data would have been prevented.

Using this approach to data security, says the Origin Storage MD, is an ideal way of bolstering the existing data security defences in an organisation, in situations where existing IT security policies cannot be fully applied.

Origin's observations amongst its many customers, he says, is that data needs protecting whether it is at rest or in transit and, whilst encryption offers an excellent form of protection, adding extra layers of security in portable or back-up situations makes a lot of sense.

"Had this incident happened in the UK, the Information Commissioners Office would have been on to the health body concerned very quickly indeed, and at the very least, publicly secured a written guarantee from managers that a change of security procedures – to prevent a recurrence  - would take place,” he said.

“That means that management heads will roll if an infringement of the Data Protection Act occurred again. This sort of incident - and the consequential publicity plus investigations that result - has a curious habit of significantly grabbing managerial attention," he added.

"Using multi-layered technology can not only avoid a data loss for whatever reason, it can also avoid dragging your organisation's reputation through the mud, as has clearly happened with this hospital."

For more on Origin Storage: www.originstorage.com

For more on Edmonton hospital patient data disk theft: http://bit.ly/fNb5IX

This press release is presented without editing for your information only.

Full Disclosure Statement: The ICT REVIEW received no compensation for any component of this article.