Woodward Lewis and Blaenau Gwent Domestic Abuse Services are changing the deep-rooted culture of acceptance of domestic abuse by unlocking the community’s existing wisdoms.This article explains how the challenge is approached and the results achieved.
Read more on POSITIVE DEVIANTS GET PEOPLE TALKING ABOUT DOMESTIC ABUSE…
The volume of data available to public sector organisations to allow them to manage more efficiently is growing rapidly. The problem is that the expanding mass of data can lead to a decline in control. Brian Gentile explains how business information systems can dispel this information fog and provide a basis for better decisions.
Read more on BUSINESS INTELLIGENCE MAKES SENSE FOR THE PUBLIC SECTOR…
The NHS reforms will bring radical changes to the way health and care services are delivered across the country. Andy Stuart sketches out the way change will effect the built environment. He highlights the impact this will have on architects, facility managers, local authorities and contractors, as well as others concerned with the built environment.
Ben Mendoza explains how Telecom Expense Management solutions make it possible to keep track of the spend on telecoms and to check the accuracy of supplier’s invoices. But there are pitfalls and he offers advice on getting a solution that meets the need.
Faced with anxiety over potential job losses and extra pressure in overstretched departments, for staff in the public sector, occupational health and safety has never been more important. This feature looks at cutting costs without cutting corners
Andrew Carr looks at the severity of the cuts in the public sector and suggests that IT is the catalyst for bringing about the transformational change that the cuts demand.
As encapsulated in its Comprehensive Spending Review, the government is in the process of implementing one of the toughest programmes of public sector spending cuts on record.
Read more on Driving Efficiencies Across The Public Sector – How IT Can Act As A Catalyst…
Providing the right conditions and appropriate solutions to the issues related to looked after children is an absolute priority. Headlines show that failures happen. Records play a vital part in supporting social workers to do their job effectively. Steve Liddicott discusses a new approach to case recording.
Ross Brewer discusses reasons behind the NHS’s unenviable data protection record and looks at the task of turning the situation around.
The Information Commissioner, Christopher Graham’s recent assessment of NHS data security has revealed an urgent need for culture change as health organisations continue to breach the Data Protection Act. More than 250 laptops, many of them unencrypted, have gone missing from the Department of Health in the last ten years. This includes notable incidents such as NHS North Central London losing a laptop containing the medical records of over 8 million people. Furthermore, the NHS appears to be disproportionately responsible for many of the data breaches that have occurred in recent years.
In June 2010 the Information Commissioner’s Office published a list of all the UK data breaches reported since 2007 – the NHS was responsible for 305 out of 1,007, almost one in three. More recently Graham stated that while “the policies and procedures may already be in place…..the fact is that they are not being followed on the ground.”
Stemming the data loss
To rectify this problem the NHS will need to overcome a number of challenges including finding the right technology to ensure data is stored correctly, monitored, and that staff follow best practice guidelines. The NHS is particularly susceptible to data breach for a number of reasons. For one thing it is an enormous organisation with a disparate structure charged with protecting a vast repository of sensitive data. In addition, both staff and patients will often find themselves transferred around different facilities. This means that data needs to be accessible in multiple locations too.
Portable devices are often used to solve this problem but countless cases of lost laptops have demonstrated the risk they present. There have been reports of additional issues being caused by staff members using personal devices to store sensitive information. This last point highlights one of the biggest threats to security – employees.
For any organisation that employs as many people as the NHS it is essential to find an effective way to limit the insider threat. Recent research from OnePoll* revealed that 37 percent of people have shared privileged company information with their friends and family, while 21 percent of laptop/desktop-owning respondents stated that they have transferred company data to their personal computer, even though more than half of these devices – 58 percent – were shared with, or could at least be accessed by, other people.
Data theft
While human error is one of the more likely causes of data breach there are more sinister threats online that need to be taken into consideration. As an integral part of the UK national infrastructure, the NHS is also a viable target for sophisticated attacks launched by foreign governments. Recent breaches of targets like the IMF and the Pentagon are both suspected to have been perpetrated by nation states as was the Stuxnet worm attack in 2010. While capable of causing immense disruption these attacks are equally adept at simply monitoring in the background and collecting data.
Getting at the cause of data loss
There have been numerous voices in the media claiming that cloud based solutions are the answer to the data security problems facing the NHS. For example, Clive Longbottom, founder of analyst firm Quocirca, suggests that the cloud could be used to centralise data into a single facility that could only be accessed via “relatively dumb devices”. However, many of the problems experienced by the NHS seem to stem from a lack of visibility when it comes to internal systems. This problem would appear to be common within organisations in the UK. Baroness Neville Jones, special representative to business on cyber security, noted earlier this year that many threats are missed because organisations are unaware of what the normal functioning of their networks looks like “because they don’t actually know enough about their own systems”.
Unfortunately, like many organisations, the NHS is wasting the very resource that can help develop a better understanding of its networks. IT systems produce millions of logs each day, which, when collected and analysed, can provide all the information required to develop a forensic insight into every level of activity. However, even more modestly sized organisations can struggle with the volume of logs that are created and increasingly disparate nature of IT systems.
As a result monitoring and reviewing this information to see what’s been going on can take days or even weeks – long after any security policies have been broken, and sensitive data lost. To simplify and speed up this process, the NHS needs to embrace solutions that automatically monitor and secure all activity logs while also reporting and alerting on activity that warrants attention in real-time. Unwanted activity can clarified by IT staff during the implementation process and could include numerous breaches of data protection policy including incidents of unencrypted data being transferred to a portable device or data not being deleted in accordance with regulatory obligations.
By enhancing visibility of how data is being used, the NHS will have significantly improved ability to ensure that policy and procedure is followed by its staff. In addition, monitoring data logs in this way makes it much harder for sophisticated attacks like the Stuxnet worm to take root. In order for them to do so hackers would need to breach both their target and the logging system simultaneously, a significant challenge. This kind of monitoring is increasingly required by the industry guidelines and regulations observed across both the public and private sector. CESG, the UK Government’s National Technical Authority for Information Assurance, introduced the Good Practice Guide 13 Protective Monitoring framework that stipulates that public sector organisations must continually monitor their IT systems in order to spot unwanted or unusual activity and prescribes how this can be done in the most efficient and effective manner.
Included in the recommendations is the need to monitor all computer-related activity in real-time and the generation of alerts should unwanted activity occur. Continued criticism from ICO would seem to suggest that CESG’s guide is not being adhered to with sufficient diligence at present.
Using Protective Monitoring technology to develop a better understanding of systems, and thus more effective data protection procedures, is essential if the NHS wants to clear up its reputation as one of the UK’s least reliable guardians of sensitive data. Learning more about systems in this way provides a host of additional benefits too, including the ability to identify inefficiencies within the IT estate. The NHS is responsible for holding data on some of the UK’s most vulnerable citizens, while improving IT systems is obviously not as vital as providing first rate medical services it should be a priority nonetheless.
Ross Brewer is vice president and managing director, international markets, LogRhythm.
Read more on NO HOPE SECURITY IN NHS?…
Budget vs. blooms
Can we justify continuing to spend public money on floral displays in today’s times of austerity? John Williamson of Amberol examines the role of community displays and looks at ways that they can be maintained at a minimal cost.
By Constantine Galonis.
Cloud computing, which allows oganisations to share resources, software and applications, can bring radical change to public sector ICT services. Using the cloud will reduce costs and risks and bring scalability, and resilience. But many top managers believe the risks are too great. The author looks at the reality of cloud computing.
Read more on OVERCOMING FEARS AND DOUBTS OF CLOUD COMPUTING…
© PublicNet is a KnowShare production | Technology by Jag Singh + Hilton & Hilton Ltd | Admin Log in