TechWeb

Security Breach Exposes Patient Data In Canada

Nov 26, 2007 (01:11 PM EST)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=204203593


A security breach affecting an unknown number of Canadian citizens came to light last week in the Canadian province of Newfoundland and Labrador when a consultant for the Provincial Public Health Laboratory took a laptop containing patient health information home.

The consultant was contacted by a person who identified himself as a representative of a computer security company and who claimed that he was able to access to data on the laptop through the consultant's home Internet connection.

"On Tuesday evening of this week, there was a security breach that exposed the confidential information of some patients whose test results are held by our Provincial Public Health Laboratory," said Jerome Kennedy, Minster of Justice and Attorney General, in a statement on Friday. "This is a very serious matter that required immediate action."

The statement issued by the Provincial Government characterized the government's actions as "quick and decisive." It noted that until a forensic investigation is completed, the number of affected patients cannot be determined. It did not identify the computer security company representative or his company.

The exposed information includes names, Medical Care Plan numbers, age, sex, physician and test results for infectious diseases, including HIV and hepatitis.

The Royal Newfoundland Constabulary (RNC) issued a statement on Monday saying there was no evidence of criminal activity associated with the data breach and that the RNC's involvement was no longer necessary, according to a report from the Canadian Broadcasting Corporation.

Spokespersons for the Newfoundland and Labrador Department of Justice and the Department of Health and Community Services did not respond to requests for further information.

The security lapse echoes a (presumably) larger data breach reported on October 30 in the United Kingdom. Two computer disks containing the names, addresses, National Insurance numbers, and (in some cases) bank information for all families with a child under 16 -- about 25 million people -- were reported lost and are still being sought.

The data losses come at a time when an EU commissioned study that was released on Friday notes that citizen trust is necessary for e-government initiatives to succeed.