A complete ban or holistic approach to USB devices is needed by the NHS to prevent data losses.
At the start of this week, it was reported that a USB stick containing patient information of 800 people had been lost by East Surrey Hospital. After that loss, which occurred in September 2010, no victim had been informed.
Marc Lee, sales director EMEA at Courion, said that a holistic approach to data security is needed to involve comprehensive risk assessment and strict control of access to sensitive data.
“By understanding where the greatest risk lies, organisations will be able to enforce effective rules about who can access sensitive information, when and how it is being used. Assigning appropriate access rights and monitoring for abnormal activities can prevent similar incidents and ensure customer data is safe,” he said.
However, Nick Lowe, EMEA V-P of sales at Cyber-Ark, said USB devices should be retired as they have proven to be consistently vulnerable to loss, theft and poor security practices.
He said: “Technology has moved on and so should organisations looking to transfer information securely. Only by using modern secure file transfer solutions can organisations be sure that their data is protected at all times and only accessible by the intended recipient.
“It's unclear just how many more of these incidents are needed before lessons are learned and changes made, but this data breach, along with the nine 'near misses' mentioned in the report, will do little to inspire public faith in the NHS.”
In order to better manage USB drives, Softek launched a free version of its SafeConsole USB flash drive management software this week.
According to the distributor, SafeConsole LITE includes core features such as password complexity policy enforcement, remote password reset, device state management (to kill/disable lost drives) and full geolocation auditing and reporting.
Mike Bienvenu, technical director at Softek, said: “With all the recent high-profile data-loss reports, customers are really starting to appreciate the need for managing their encrypted USB drives. The ability to know how many drives are being used, who is using them and what is on each drive at any given time, is critical for compliance.
“Softek surveyed our partners and customers to see what features were used the most, what customers saw as the most important features of SafeConsole, and then we bundled them into a lite version and have decided to provide it free of charge.”