The Data Protection Commissioner (DPC) says it is engaging with Children’s Health Ireland (CHI) in relation to complaints it received relating to the security of patient data.
The Irish Independent reported last week that two whistleblowers had contacted the DPC claiming that staff at CHI were using personal phones and laptops to access confidential patient information via the GoToMyPC app, exposing hospitals to a potential data breach.
GoToMyPC is a commonly used remote desktop access solution that has been used for two decades as an alternative to similar systems such as LogMeIn – which now owns the brand – or using a virtual private network (VPN). It uses multi-factor authentication and has an enterprise offering but is not generally used for high-risk purposes.
Children’s Health Ireland issued a statement saying that while the solution was used during Covid, it was now being retired from use.
“There are no ongoing security breaches as regards GoToMyPC,” the statement said.
“GoToMyPC was a unique solution introduced during the pandemic to ensure the continued and safe provision of healthcare at a time when the healthcare sector was under enormous pressure.
“This product is no longer needed, and CHI is in the final stages of retiring the GoToMyPC product.
“Access to CHI systems via personal devices is generally not permitted. CHI ICT policies and controls ensure that this is only possible in exceptional circumstances, which are subject to stringent controls, documented, and for which data protection impact assessments are required.”
No formal enquiry into GoToMyPC has been progressed by the DPC, but a spokesperson told Pulse+IT that “the DPC continues to engage with the CHI on the matters raised with this office”.
Cybersecurity has been a critical component in the development of the new national children’s hospital, as the site aims to be Ireland’s first public digital hospital.
Earlier this year, it was announced that Telefónica Tech had been selected as the successful vendor to provide numerous infrastructure technology solutions to CHI for the new hospital, with a significant focus on cybersecurity. In the five-year deal, Telefónica Tech UK&I will oversee all servers, storage, security, PCs, printers, workstations on wheels and laptops in the new hospital.
Speaking at the time of the announcement, Adrian Rath, CHI’s chief technology officer, said: “The security solutions provided by Telefónica Tech will enable Children’s Health Ireland to strengthen its cybersecurity posture against potential cyber.
“Most importantly, all of this will bring about a safer and better experience for the children, young people and families who use our services.”
