The Children’s University hospital in Temple Street, Dublin, has been the target of a theft of two computer servers back in 2007. They contained medical records of nearly 1 million patients, and the culprits (along with the servers) have never been discovered.
At the time, the investigators – Ireland’s data protection commissioner and the gardai – decided that the hospital shouldn’t inform the public about this incident, since the possibility of the thief accessing the data inside the servers was very slim.
According to Times Online, this incident would have remained hidden from the general public had it not been for another security issue that is currently being debated by the hospital, the DPC, the Health Service Executive and the Department of Health.
As it turns out, the hospital is in possession of 1.54 million blood samples took from almost every child born in Ireland since 1984, making them the keepers of a DNA database that for all purposes could be considered national.
The existence of this database was unknown to the public and to the data protection commissioner until a few weeks ago. So, now the question is: should the hospital be allowed to keep the samples even if the people whose samples they have want them destroyed – along with the personal information they are tied with?
The hospital claims that access to the information in the database was never given to law enforcement agencies, and has been used only 4 times by scientific researchers. Also, they say that the servers containing all this information are kept safe in a location where access is monitored and recorded, and protected by many locked doors.
According to the DCP, the hospital has definitely improved security after the 2007 breach. But, the decision about what to do with the database has still not been taken – discussions about the issue are going to take place this week.