Quacking Information Security

News in the tech press that the NHS has been visited by Qakbot – a worm with a keen appetite for peoples’ sensitive data. (Despite the name it wasn’t specifically designed to target the NHS).

The effects of malware on systems that gather our sensitive data haven’t really entered public consciousness, but there are potentially serious problems here, especially when so many practitioners are logging in to systems remotely.

Last year, Tim Loughton asked a string of government departments about the incidence of malware during the previous year. Most of the replies fell into one of two categories. The Home Office, Ministry of Justice and Department for Communities and Local Government played the Mornington Crescent card by insisting that national security would be threatened if they even looked at the question.

Others, including the Department for Health when asked about NHS hospitals, produced the standard brush-off: ‘The information requested is not held centrally and could be obtained only at disproportionate cost’.

The Department for Children, Schools and Families dealt with it like this:

how many and what proportion of computers in (a) local authority children’s services departments, (b) Children and Family Court Advisory Support Service and (c) schools were found to be infected with malware in 2008.

Information on the number or proportion of computers infected with malware is not collected centrally from either local authority children’s services or from schools. However many schools do employ a managed service for their ICT support and those organisations will normally maintain this information and report to schools.

It simply won’t do. If a government department is mandating the collection of peoples’ sensitive data – particularly when this is without any opportunity to consent or opt out – it ought to be taking responsibility for the security of that data a great deal more seriously.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: