HSE 'rocked' by security breach on 1,500 patient records
Published 17/10/2010 | 05:00
Hundreds of patient records were seriously compromised by a major security breach at the HSE, the Sunday Independent has learned.
The 1,500 sensitive health records were removed from a Dublin office and emailed to an outside organisation.
A private IT contractor, who was being overseen by a HSE staff member, downloaded the records on to an unencrypted USB key -- something that is absolutely forbidden in the HSE's own protocols.
The contractor took the private health records home to work on overnight -- again a serious breach of the health authority's procedures.
Intending to email the records on the memory stick back to the HSE, the contractor mistyped the address and instead accidentally emailed them to another State body.
The security breach was only discovered when the public body involved alerted the HSE.
This serious compromise of client records "has rocked the HSE", a source told this paper.
The internal investigation into it has involved several senior HSE figures and is being considered a "major wake-up call" for the data leak-prone authority.
The patients involved this time have not been informed that their private information has been jeopardised.
The Data Protection Commissioner has cited the HSE several times in his reports and is said to be investigating why yet another leak has occurred.
Data security is a major headache for businesses and public bodies.
The theft of a Bord Gais laptop with names, addresses and financial information of customers led to a security review at the energy company.
The HSE has yet to respond to requests for comment and information on the incident.