27^th January 2009 - Credant Technologies, the military grade encryption specialist, says that a Welsh NHS Trust, which has been rapped over the knuckles for being in breach of the Data Protection Act after losing data on 5,000 patients held on a laptop, could very easily have avoided the problem had it used encryption technology.

"The Information Commissioner's Office has quite rightly found the Abertawe Bo Morgannwg trust to be in breach of the DPA for losing the data on the South Wales patients in its area," said Michael Callahan, Credant's vice president.

 

"It's good to see that the ICO has elicited an agreement with the Trust to encrypt all of its patient data in future, and step up IT security generally," he added.

According to Callahan, had the Trust used encryption on the laptop -in line with security policies in a growing number of companies in the private sector - then the embarrassment and possible litigation from the patients concerned could have been avoided.

 

Whilst the data held on the laptop was password protected, Callahan says that breaking Windows password protection is now relatively easy on a notebook, especially if the hard drive is removed and installed on a hacker's test bench.

 

"Criminals are becoming highly sophisticated in their approach to IT these days. They are becoming aware of the value of the data on the notebook's hard drive, as well as the inherent value of the hardware, so anyone storing sensitive data on notebooks should use encryption as a matter of routine," he explained.

 

For more on the Welsh NHS Trust laptop fiasco:

http://tinyurl.com/d27ndu

 

For more on Credant Technologies: http://www.credant.com