BreachExchange mailing list archives
Montfort Hospital Suffers Security Breach
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Sun, 27 Jan 2013 18:00:26 -0500
http://www.esecurityplanet.com/network-security/montfort-hospital-suffers-security-breach.html Canada's Montfort Hospital recently announced that that an unencrypted USB drive containing more than 25,000 patients' health information was recently lost. The drive contained patients' names, summary data on the type of service provided, the date of service, and the health service provider code. "Philippe Marleau, Montfort’s vice-president of quality and organization performance, said Friday that the employee lost the USB key somewhere between the hospital and home and initially tried to find the key herself," writes The Ottawa Citizen's Chris Cobb. "When she couldn’t find it, she called her supervisors to report it missing. ... The employee has now been 're-sensitized' to security issues and is back at work, he added, but she wasn’t suspended or otherwise penalized." "The employee had extra work she wanted to do over the weekend, but I have to emphasize this was not part of our policy," Marleau told The Citizen. "She was not authorized to do that. She decided to use a personal USB key that was not encrypted and it was lost between the hospital and her arriving home. We decided there was no malice, hacking or other illegal activity involved." "Moving forward, the hospital will ensure that any information that needs to be downloaded will be stored on secure, password encrypted USB keys," CBC News reports. For more information on the breach, affected patients are advised to call the hospital at (613) 746-4621 x2999. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Montfort Hospital Suffers Security Breach Erica Absetz (Jan 28)