Sensitive staff file left on car park ticket machine
SENSITIVE computer equipment was stored alongside cleaning products and ran the risk of being damaged by leaks from a nearby sink.
The HSE audit reports also show unauthorised staff had access to sensitive personal data due to lax controls, with laptops and mobile phones not encrypted despite holding data of patients and HSE clients.
Seven separate audits were carried out in hospitals and health offices, with investigators saying that in some cases there were "deficient" facilities in place to back up key data.
The report into IT controls in Our Lady of Lourdes Hospital in Drogheda found that awareness of policies and protocols were "not satisfactory", and that concerns were raised about sensitive data on laptops and mobile phones not being properly protected.
In Cork University Hospital "an ICT governance framework to ensure that access to the hospital sensitive data is controlled and restricted to only authorised staff is not in place," the report says.
Auditors also found a folder containing "sensitive employee information" on a ticket machine in the hospital car park.
In an unidentified local health office, IT equipment was stored in a cleaning store while on a national level, governance was "inadequate" with a "high number" of negative findings, including a lack of a formal reporting structure to senior management.