Varonis comment on the NHS sharing patient data
May 2021 by Matt Lock, Technical Director at Varonis
Following yesterday’s news that the NHS will be sharing patient data with third parties, Matt Lock, Technical Director at Varonis, shares the following comment:
“There is a lot of sensitive data involved in this plan, including details of mental and sexual health as well as criminal records and information relating to people who have suffered abuse. The public will want to know whether this data is being kept securely, so this is a high-stakes move for the NHS.
Any database of this nature will be an obvious target for hackers. If a cybercrime gang gained access to the data, they could lock it down and threaten to release the information unless the NHS pays them a ransom. They could also potentially blackmail people whose private data is stored on this database.
There are many risks in migrating data on this scale. When data is taken out of centralised storage and moved onto a cloud-based database, there is a risk of overexposure. This is highly sensitive information, so the NHS should seek to guarantee that it’s only accessible on a need-to-know basis by trusted internal and external staff. The NHS will need to make sure it enacts a strict privileged access policy on a least-trust basis to make sure this information is only viewable by people who need to see it.”