Rotherham PCT links systems to stem security breach

Rotherham PCT links systems to stem security breach Rotherham Primary Care Trust (PCT)...

Rotherham Primary Care Trust (PCT) has stemmed a major security problem and saved time by linking the Windows login accounts for its users to the NHS-wide Electronic Staff Records (ESR) human resources system.

The trust has automated adding user accounts to the Windows Active Directory, which staff use to connect from the hospital's network into the secure NHS N3 Network. The approach is more efficient than the previous method of updating staff data, which involved IT staff manually altering new joiners and leavers' lists from the human resources department.

Ex-employees with computer access could log in and pose a major threat to IT security. Both Windows Active Directory, which is used to authenticate staff on the hospital's network, and ESR, require updating with the same information separately. Delays in updating new HR information to the Active Directory were occurring because of the additional administration with ESR. "Following the rollout of the ESR and the separate updates [in Active Directory] we were leaving ourselves open to a security breach," said Derek Stowe, IT infrastructure manager at Rotherham PCT.

"We needed a way to disable and remove user accounts," he said. The existing process was time-consuming and relied on the IT department receiving updates of joiners and leavers from HR.

The PCT, which employs 2,600 staff, now uses an updated system whereby staff details are taken automatically from the ESR database. When the HR system is updated as someone leaves, network access is taken away from that user. This means access to networks can be made more secure, said Stowe.

Rotherham used Quest Software's ActiveRoles Server and Quick Connect to automatically synchronise user login accounts across the two systems. Stowe has also used AD Recovery Manager, to find out which users with network access were no longer working for Rotherham PCT.

Read more on IT risk management