BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Medical lab loses thousands of B.C. patient records

From: Erica Absetz <erica () riskbasedsecurity com>
Date: Wed, 26 Jun 2013 10:47:26 -0500
http://www.cbc.ca/news/canada/british-columbia/story/2013/06/24/bc-lifelabs-kamloops.html

The personal information of about 16,000 patients of a medical lab
service in Kamloops has gone missing, says the company's president.

LifeLabs president Sue Paish said Monday a computer was sent to their
main office in Burnaby for servicing in January, but when it was
returned, the hard drive was missing.

The hard drive held the results of ECGs, or electrocardiograms,
gathered at three local facilities between 2007 and 2013.

"There was no financial information whatsoever included in the data,
no ability to access any financial records or other financial-related
data," said Paish, who admitted the drive did include personal
information like the patient's name, address, height, age, gender, the
ECG results and health care number.

She said an internal investigation failed to determine who took the
drive and where it is now, adding the information is password
protected and requires special equipment to read.

The company has implemented measures to minimize the risk of such
incidents in the future, including ensuring that all ECG reports and
drives are fully encrypted, said Paish.

She also apologized for the incident and said this is the first
security breach in the Lifelabs' 50-year history.

Health Minister Terry Lake said he learned of the breach just last week.

"It's unacceptable to take this amount of time to notify the
government and the Office of the Privacy Commissioner about a breach
like this," he said. "And again they have assured us that will not
happen in the future."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.
Previous By Date Next
Previous By Thread Next

Current thread: