About bloody time. What the hell was a manager doing with patient data? He no doubt broke the rules if not the law in storing it on a laptop in the first place.
I'm a fan of mobile computing like most people here, but why does everybody seem to need a laptop? What justifies this manager having a laptop for the day to day work? Perhaps there was a good reason but it's just as likely the they simply wanted one.
Confidential data + mobile device = FAIL
Jimbob
I think the first problem is why he was able to have so much data transfered to his machine? Surely there have been enough high-profile precedents (especially in the UK) that should have made people at least think twice about leakage vector.
The PC ... contained copies of the personal details and treatment plans of several thousand patients.
Even if the manager in question had a legitmate reason for requiring the data (possible), and on a mobile device (less likely but still possible). What reason did he have for taking the data to a different country, over 400 miles away whilst
on holiday?
It is ashame that this guy is going to take the fall for what is commonly a non-issue, just using the UK as an example several high-ranking government and security services personnel have been in similar situations with nothing other a slapped wrist.
Regardless, it is nice to see an organisation taking tough action to lacking security controls, whether or not the hospital had sufficient procedures/policies in place to make the dismal fair is another matter.
Either way it will hopefully increase general awareness of the problem which can only be a good thing of those of us having to protect against and clean up after end-users get their hands on shiny toys.
Think Jimbob put it best
About bloody time.
RR