Privacy fear over NHS card loss

Tags: DH

07 Feb 2008

Thousands of NHS computer 'smartcards' used to give access to confidential patient records have gone missing.

Connecting for Health, the DH agency in charge of the NHS IT programme, said 4,147 were unaccounted for - but stressed they were useless without matching six digit PIN numbers.

Among 221 NHS bodies replying to FOI requests from GP magzine Pulse, 2,887 cards were reported missing, including 1,400 last year alone.

The magazine suggested that if figures were extrapolated across the English NHS the total number of lost cards could be as high as 6,000.

Smartcards have been issued to 429,691 NHS staff as of January 1, 2008, with the number of users eventually expected to top 1.2m.

CfH has confirmed that just under 1%, 4,147, have been reported missing. Some 1,240 of these were reported in the past year.

Connecting for Health said that multiple reports of the same card loss might account for the difference. One trust in ten said that it had no idea how many cards had been lost or stolen.

A Connecting for Health Spokesman said: "There is no evidence that any security breaches have ever arisen from lost or stolen cards."

Paul Malcolm, general manager of health security specialists Sentillion, told EHI the two-factor authentication of Smartcards is designed to be robust enough to withstand losses: “Only someone bearing the right physical element (the smartcard) and mental element (the personal identification number) can access the system. Either of these authentication factors is useless without the other corresponding factor."

Speaking to the BBC, Cambridge University IT security expert, Professor Ross Anderson, said it was unrealistic to believe that such a large network would remain entirely secure. "You can't expect stuff to remain confidential if a few hundred thousand people have access.”

Reader's Comments

Another flap

07 Feb 08 13:02

As Ross Anderson points out, this kind of thing is bound to happen when you operate on such a scale. Procedures are in place to ensure that missing cards are revoked, so if people are doing things properly it really isn't an issue - even if the PIN is on a yellow Post-it stuck to the back of the card...

Another flap...

07 Feb 08 14:02

Oh that's good.....

As long as there are procedures.

Was it the lack of procedures or the abysmal failure of people to follow the procedures that has contributed to many of Data security issues in the media?

Big systems imply big problems WHEN they go wrong. Every system goes wrong at some point. And guess what...some systems go wrong more than once!

A flap indeed

07 Feb 08 15:02

How many bank cash cards were lost last year? Should we decommission the ATM network immediately? As the previous poster said, without the PINs, these cards are useless. And they are cancelled when reported lost. Just like bank cards.

Does anyone know how many keys to GP surgeries, hospital buildings, etc., were lost last year?

There are very legistimate concerns about the security of data held in centralised systems, but surely lost cards have nothing to do with it.

but

JBs_5@hotmail.co.uk

08 Feb 08 08:02

One thing the article doesn't let us know is how many of these cards are still able to access the system. Why is that....could it be that as soon as they know it's missing they cancel it? Yes it still may mean that some cards they don't find out about but no system is perfect but perhaps this is not as bad as they are trying to scare us into believing

PIN number on the front of the card

08 Feb 08 09:02

By default - the PIN number is printed on the front of the card.

It's 'assumed' that this will be changed as the card is used. However experience shows entire sites forgot this step Moral: never trust human common sense

Bank card analogy misleading

ruth.gateley@stockport-pct.nhs.uk

08 Feb 08 09:02

Many stolen or lost band cards are used to obtain cash and goods before they are cancelled. As the banks make huge profits they can make a balance between coping with a certain amount of loss and spending more on security. Health records are not money. Health records are personal. Ask anyone who has been burgled and they'll tell you that the most upsetting thing is not the loss of money or goods (which are generally insured) but the fact that someone has gone through their personal belongings. A system allowing thousands of users is wide open in a multitude of ways.

Working with smartcards

virginia.franklin1@btopenworld.com

08 Feb 08 12:02

Having worked with smartcards since they were first instroduced, all smartcards are issued to jobs worth authority. In otherwords, what you can see with the smartcards are unique to your authority level and most of the times, the information you can see is unique to the authority that you work for. All smartcards have unique pins and the pins unlike one comment I have read here ARE NOT on the FRONT of the smartcard. The cards are issued with the person choosing their own pin, even the RA Agent/ Manager does not know this pin. Where the person who the card is issued to is not present to select their pin, the RA Agent or Manager blocks the card so that when the person who then needs to use that card can get it unblocked out by their RA Sponsor, Agent or Manager with the necessary paper work completed. Enough said.

PIN printed on front of card

anthea.baker@bradford.nhs.uk

09 Feb 08 09:02

Thank goodness the ignoramus who wrote this comment chose to remain anonymous! I have never read such rubbish. Let's be clear here, the PIN is chosen by the user and can be either numbers or characters. If you choose to go scaremongering - at least get your facts correct!

re;PIN printed on front of card

12 Feb 08 17:02

er ..mine is on the front on a post-it wrapped around the card.I got it like that...just another ignoramus I guess.

re: PIN printed on smartcard

13 Feb 08 09:02

If you are receiving your smartcard with your PIN written on a post it wrapped around it, you should report it to your trust for breach of security procedures. In any case, this still isn't the same as having the PIN printed on the card as the previous commentator stated.

Also, don't forget that to actually access anything you need to be on an NHS net connection. Trying to access anything on the www. will get you nowhere.

To the previous poster.....

13 Feb 08 09:02

It is this kind of practice if it is indeed taking place that jeopardises the entire programme. Whoever thought of such idiotic procedures as to send smartcards with a pin number attached to it? I hope this is found out and stopped immediately.

With regards to the actual article, it is a load of scaremongering nonsense and is nothing less than I have come to expect from publications such as Pulse. Are they determined to undermine the entire programme?

Scaremongering

13 Feb 08 14:02

Week after week, we hear the latest woes about Information security, only to find after digging a little deeper, that it's not that bad afterall. All the above serves to demonstrate to the nth degree is that the level of technical understanding out there ranges from the enlightened and informed to the not so. It’s a shame that these articles intentionally pander to the latter's fears, thus propagating misinformation, ultimately making the whole process more difficult to implement. Surely, there is a responsibility to inform and educate rather than needlessly sensationalise.