As we’ve undoubtedly said before, the greatest risks to the security of an IT system come not from hackers, but from those with legitimate access to a system. To illustrate the point, South Warwickshire General Hospitals NHS Trust has hit the news because of a decision to allow clinical staff to access patient records using the smartcard and login details of their shift leader.
Computer Weekly’s Stuart King is spluttering eloquently on the subject:
“What disturbs me most is the retort of ‘the monitoring process revealed no breaches of security.’ Monitoring what? It’s a breach of security every single time a smartcard is shared. Those words alone make me go pale because they demonstrate a total lack of regard for process within an environment where privacy is critical.”
One of our (many) fears about the children’s Information Sharing Index and its little friend, the eCAF database, is that busy practitioners working away from the office will soon start to ring up colleagues with their login details when they urgently need information from one of the databases.
There’s a very funny side to the South Warwickshire story. Go over to Ideal Government and make sure you click on the ‘spot the connection’ link. It’s worth it.