Confidential Medical Files “dumped in fields in Co Cork”
May 1st, 2008 by James
It has been a high profile week for identity theft issues in Ireland. First we heard about the Bank of Ireland laptop data theft, prompting Glandore Systems to call upon the Irish government to introduce mandatory disclosure laws (responding to this breach and others recently, such as Jobs.ie and the Blood Transfusion Service). Somebody at Glandore Systems called “James Gavin” was quoted in the Irish Examiner speaking on the issue - he must be a new hire or something 
The need for mandatory breach disclosure was validated only a few days later, as Bank of Ireland have admitted to the issue being much larger than they initially said. Now 30,000 users are affected, from 29 different branches. I will only reiterate that for all we know there could be 300,000 users affected - if the bank has no legal obligation to disclose data theft then how can we expect to know?
Mirroring the disregard that a major Irish bank shows for its customers’ privacy, now we find out that the Health Service Executive has dumped confidential confidential medical files in a field.
The files contain detailed medical histories of people who were treated at Cork Regional Hospital, the hospital now known as Cork University Hospital, and at St Finbarr’s Hospital in the city.
Data includes the names, addresses, dates of birth and medical conditions of patients treated in the 1970s and early 1980s.
The HSE says that it “does not know how many”. Between the Regional Hospital and St. Finbarr’s, that potentially covers just about every Cork person over the age of 25 - including me. Once again, a major institution in Ireland has put the population at risk to identity theft and other fraud. How will the government respond? A bank doesn’t even bother to encrypt its files. The health service dumps confidential files in a field. Institutions like Bank of Ireland and the HSE will only introduce stricter security policies if the government brings in some laws to protect us from their neglect.
Another Cork-based software company, You Get It Back puts things into perspective by using the Washington Post’s estimates to gauge how much a thief can gain from selling personal details on the black market. In the case of the backup tapes that were stolen from the University of Miami last week, it amounts $28 million! With figures like this, even your average laptop thief on the street is going to wake up to the fact that there is big money to be made if you can get your hands on some juicy personal details. Institutions need to be held accountable when they allow theft like that to occur, but they’re never going to be held accountable if they don’t even have to admit to the data loss in the first place!
