Stolen Laptop Exposes 5,500 Canadian Patients' Data

WEBINAR:

Modernizing Authentication — What It Takes to Transform Secure Access


Date: 12/14/2017 @ 1 p.m. ET

SHARE
Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Email  

CBC News reports that a laptop containing 5,500 patients' personal information was stolen in January 2014 from Canada's Etobicoke General Hospital (h/t PHIprivacy.net).

The laptop, which contained patient names, birthdates and diagnostic reports, was stolen from a lab used to test brain activity.

The lab was locked, but the laptop was neither encrypted nor password-protected.

"We have a policy for protection and in this instance it just was not protected," Ann Ford, chief privacy officer for the William Osler Health System, told CBC News.

A commenter at PHIprivacy.net explained that the hospital does "require encryption on any device that stores PHI. The problem is that clinicians will work directly with vendors, without the involvement of IT, and acquire systems that do not conform to policy. It used to happen very often, and this is likely one of those cases."

Patients who were tested between January 2011 and January 2014 are affected, and are currently being notified of the breach.

"We think that there's no further action they need to take," Ford told CBC News. "But, however, if they feel comfortable contacting their financial institution we leave that up to them."

In response to the incident, the hospital is now securing all laptops with cable locks.

Photo courtesy of Shutterstock.

JOIN THE DISCUSSION

Loading Comments...