BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Montfort Hospital Suffers Security Breach

From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Sun, 27 Jan 2013 18:00:26 -0500
http://www.esecurityplanet.com/network-security/montfort-hospital-suffers-security-breach.html

Canada's Montfort Hospital recently announced that that an unencrypted
USB drive containing more than 25,000 patients' health information was
recently lost. The drive contained patients' names, summary data on
the type of service provided, the date of service, and the health
service provider code.

"Philippe Marleau, Montfort’s vice-president of quality and
organization performance, said Friday that the employee lost the USB
key somewhere between the hospital and home and initially tried to
find the key herself," writes The Ottawa Citizen's Chris Cobb. "When
she couldn’t find it, she called her supervisors to report it missing.
... The employee has now been 're-sensitized' to security issues and
is back at work, he added, but she wasn’t suspended or otherwise
penalized."

"The employee had extra work she wanted to do over the weekend, but I
have to emphasize this was not part of our policy," Marleau told The
Citizen. "She was not authorized to do that. She decided to use a
personal USB key that was not encrypted and it was lost between the
hospital and her arriving home. We decided there was no malice,
hacking or other illegal activity involved."

"Moving forward, the hospital will ensure that any information that
needs to be downloaded will be stored on secure, password encrypted
USB keys," CBC News reports.

For more information on the breach, affected patients are advised to
call the hospital at (613) 746-4621 x2999.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.
Previous By Date Next
Previous By Thread Next

Current thread: