ICO: NHS Lothian to improve security

NHS employees failed to comply with data security requirements according to an Undertaking, signed by James Barbour, the Chief Executive of NHS Lothian.

The Information Commissioner’s Office (ICO) has found NHS Lothian in breach of the Data Protection Act after an unencrypted memory stick was lost and some paper files were temporarily left in a shop. The paper records included details on home based patients. The memory stick, which contained personal details about 137 patients, belonged to an employee and should not have been used to store personal data held by NHS Lothian. In both cases the employees involved failed to comply with NHS Lothian security arrangements.

[…]

A copy of the Undertaking can be downloaded from http://www.ico.gov.uk/what_we_cover/data_protection/enforcement.aspx

Source: Information Commissioner’s Office (pdf)

China Amends Cybersecurity Law and Incident Reporting Regime to Address AI and Infrastructure Risks
Alan Turing institute launches new mission to protect UK from cyber-attacks
Safaricom-Backed M-TIBA Victim of a Possible Data Breach Affecting Millions of Kenyans
Another plastic surgery practice fell prey to a cyberattack that acquired patient photos and info
How a hacking gang held Italy’s political elites to ransom
Predatory Sparrow Strikes: Coordinated Cyberattacks Seek to Cripple Iran's Critical Infrastructure

Related: