Modernizing Authentication — What It Takes to Transform Secure Access
Canada's Montfort Hospital recently announced that that an unencrypted USB drive containing more than 25,000 patients' health information was recently lost. The drive contained patients' names, summary data on the type of service provided, the date of service, and the health service provider code.
"Philippe Marleau, Montfort’s vice-president of quality and organization performance, said Friday that the employee lost the USB key somewhere between the hospital and home and initially tried to find the key herself," writes The Ottawa Citizen's Chris Cobb. "When she couldn’t find it, she called her supervisors to report it missing. ... The employee has now been 're-sensitized' to security issues and is back at work, he added, but she wasn’t suspended or otherwise penalized."
"The employee had extra work she wanted to do over the weekend, but I have to emphasize this was not part of our policy," Marleau told The Citizen. "She was not authorized to do that. She decided to use a personal USB key that was not encrypted and it was lost between the hospital and her arriving home. We decided there was no malice, hacking or other illegal activity involved."
"Moving forward, the hospital will ensure that any information that needs to be downloaded will be stored on secure, password encrypted USB keys," CBC News reports.
For more information on the breach, affected patients are advised to call the hospital at (613) 746-4621 x2999.