Moments when you’re glad you’re not in charge of this IT department: health service executives in the UK say that no-one should be too worried about a disk full of patient data going missing, because it’s highly unlikely anyone will have the gear required to read it. Oh dear.
The East Midlands Ambulance Service (EAMS) has misplaced a disk containing scans of 42,000 forms used by patients of the service between September and November 2012. While chief executive Sue Noyes appears very contrite about the loss, she also suggests that it’s quite unlikely anyone will be able to exploit the data:
We are certain the data can only be read via specific hardware which we have in our premises and which is no longer in production – i.e. it is obsolete. Therefore it is unlikely that the information stored on the missing cartridge can be viewed by anyone outside of the organisation.
I don’t imagine too many criminal types are rocking Plasmon 5.2in cartridge drives — the company itself closed back in 2008. But with that said, I bet there are other hospitals and institutions in the UK still using those readers. So the risk might be remote, especially as there’s apparently still a chance the disk is on the premises, but it’s not non-existent.
The lessons? Guard physical media carefully, and try and move away from ancient formats that offer no possibilities of encrypting data.