The NHS has made a start at shedding its reputation as a data breach hotspot with the news that 100 hospitals are to start using encrypted USB sticks from Swedish company BlockMaster.

In one of the biggest public sector procurements ever announced for secure USB sticks, BlockMaster's UK reseller Softek will install 100,000 ‘SafeStick' drives in tandem with the SafeConsole management system over the next two years. The full list of hospitals involved is not yet public, but named health trusts include George Eliot NHS Hospital Trust in Warwickshire, the Aintree University Hospital NHS Trust, and West Suffolk Hospital NHS Trust.

The trusts involved appear to have clubbed together to source the drives through NHS ‘procurement hubs' after assessing BlockMaster's sticks against rivals on a joint basis.

BlockMaster's SafeSticks are a big step up from the mixture of unsecured drives, DVD and CD media and manually encrypted USB sticks that they will replace in the 100 institutions involved, where the confidential movement of patient data had become hard to guarantee. Each of the tamper-proof drives features transparent 256-bit AES encryption and secure use features such as lockdown of a drive if accidentally left docked to a PC.

The management console, which the company says can run on any Windows machine, covers everyday issues such as password recovery, remote wiping and management, compliance auditing, and configuration of the drive when used as an authentication token.

According to the BlockMaster technical director, Johan Söderström, the NHS testing process for the drives involved throwing drives in a bucket of water and stamping on them, all of which the SafeSticks had managed to survive.

He expected a lost and damaged ‘casualty rate' of roughly three per cent of the drives over the deal's two years. "It [the drives] had to be easy to use and hard to make a mistake," he added, underlining the need for simplicity when confronted with untrained users. The drives were designed to be put on keyrings, which he hoped would reduce the chances that they might be lost.

The drives could also resist threats such as the Conficker worm due to the SafeStick's use of its own autorun routine.