Tony Dawson’s concern about complacency of data watchdog over NHS ‘ransom’ attack.
Southport‘s local Heath Watchdog, Councillor Tony Dawson has received a response from the Information Commissioner’s Office in reply to his concerns about whether the NHS has been looking after people’s personal health data satisfactorily. The problem was highlighted by the recent Ransomware’ attack which closed down several hospitals for a couple of days recently. including the Southport & Ormskirk NHS Trust.
Councillor Dawson is concerned that the the ICO may be being complacent and are missing the point about the responsibility which they are meant to be exercising.
“They say that no one in the NHS reports personal data or information being accessed,” says Councillor Dawson.
“But this is only one aspect of data security. Organisations holding vital personal data need to ensure not just that it isn’t shared inappropriately. They need to ensure that it is kept safely and securely so that it can be accessed appropriately immediately when it is needed for the purposes for which it is stored.”
“A woman going into hospital for a hip operation is not going to be massively bothered really if an Xray picture file of her leg is sent to someone who should not have it – especially if it doesn’t have her name on it. She is far more concerned if the hospitals that are meant to send that Xray to any doctor who needs it are totally unable to do so when the doctor say she or he needs it. That is an equal if not more important aspect of data security,”
“People are even more concerned when they learn that some NHS Trusts have been ‘spotless’ while others are caught by ransomware fiends because they have failed to spend the money needed on updates to their software. Especially when the same NHS trusts who are scrimping on data security are wasting hundreds of thousands of pounds on ineffective and sometimes ill-directed disciplinary processes for senior managers.”
“I have taken this matter up further with the Information Commissioner’s Office. This last ransomware attack was fairly trivial, though I cant imagine the individuals who had operations cancelled feeling that way. We need to ensure that genuine effective data security measures are in place right across the NHS before there is a serious Tsunami of data handling.”