Electronic data held by the Health Service Executive is not adequately secure and could be at risk of theft or misuse, an external audit has found.

The audit which was carried out by external consultants and completed in March 2012, found the organisation’s overall information and communications technology (ICT) security framework was “inadequate”.

It said the absence of an effective security framework across the organisation meant the HSE, its staff and the data held by it “may not be adequately protected from attack, compromise, theft or misuse”.

The finding was one of 14 high-level risks and medium-level weaknesses identified across the HSE’s ICT security framework at a national and regional level by Mazars.

The audit report also found one in every five laptops on the HSE South East’s asset register was unencrypted at the time of the audit. Although all laptops are required to be encrypted under HSE policy, it found 292 of the 1,475 laptops in the region appeared to be unencrypted.

Well that’s good to know.