A study sponsored by mobile security firm Pointsec has come up with some pretty damning results as regards the UK's National Health Service and computer security. The study indicates that sensitive medical and personal details are in danger of exposure because NHS staff have a lax and substandard attitude to security. Almost two thirds of health sector workers use inadequate security, with more than 50 percent of workers using their own personal devices to store confidential data – an offence that can lead to sacking in many other companies. The study also revealed that one-fifth of the devices used to store data had no security at all, and 40 per cent had only password-controlled access that was easy to penetrate with the right skills and tools.
It was found that less than one quarter of workers used passwords in conjunction with other security features such as encryption. Other methods, such as biometrics, smart card and two-factor authentication were practically unheard of. The use of unencrypted USB memory sticks was rife, with 76 per cent of those interviewed saying they used them to shunt around confidential NHS data. Such data included work contact details, corporate data and even security details, such as passwords. More than 50 percent of the medical professionals surveyed used mobile devices to store patient records, which is a serious risk to patient confidentiality. All in all, not a good report at all for the NHS in terms of security.