Security fears on missing NHS smartcards
06 Feb 08
Thousands of NHS smartcards have already gone missing, raising fresh fears over the security of patient data held online, a Pulse investigation reveals.
After requests to hundreds of NHS bodies under the Freedom of Information Act, Connecting for Health revealed 4,147 smartcards had been reported missing – 1,240 last year alone. At least 142 have been stolen, including 17 in one area – Hammersmith and Fulham PCT. Smartcards have now been issued to 438,314 NHS staff, although the number of users is eventually expected to top 1.2 million.
Information obtained by Pulse suggests the number of missing cards could be higher than NHS chiefs admit. Among 221 NHS bodies replying to FOI requests, 2,887 cards were reported missing, including 1,400 last year alone. Extrapolating from this, the number of missing cards would be closer to 6,000.
Connecting for Health insisted its data is accurate, with multiple reporting explaining the discrepancy in the figures.
Either way, Pulse’s investigation shows an alarming lack of attention to security.
In almost every case, lost or stolen smartcards were reissued automatically without investigation, and no disciplinary action has been taken against any staff member.
One trust in 10 admitted it had no idea how many cards had been lost or stolen.
Professor Ross Anderson, a security engineering expert at the University of Cambridge, said: ‘You can’t expect stuff to remain confidential if a few hundred thousand people have access. There will be several hundred at any time who’ve lost their smartcards and thousands who leave terminals logged on or share cards in other ways.
‘There just isn’t either the culture or incentives for trusts to investigate data compromises properly.’
A Connecting for Health spokesman said: ‘As soon as a smartcard is reported lost it is disabled. It cannot be used by anyone finding it without a six-digit pin number, which is issued directly to users.’
This week a BMA poll found that nine out of 10 doctors have no confidence in the Government’s ability to safeguard patient data online.
How NHS smartcards are going missing
438,314 - total number of NHS smartcard users
4,147 - number of smartcards reported missing (Connecting for Health figure)
136,946 - total number of smartcards issued in 2007
1,240 - number of smartcards reported missing in 2007 (Connecting for Health figure)
1.2 million - estimated number of smartcards to be issued eventually
Readers' comments
Very worrying, especially since all new smart cards seem to be issued with an identical default 4-digit pin.
Connecting for Health have contacted us with the following response to the above posting:
"NHS CFH has no knowledge of this practice at all - NHS CFH Guidance issued to local registration authorities (RA) clearly states the recommended processes for registering and issuing Smartcards and the setting of unique Passcodes by the user (there is no default Passcode).
It is up to local NHS organisations to manage their local Registration Authorities, meeting governance requirements and the commitments made in the NHS Care Record Guarantee."