UPDATED: Stolen Health P.E.I. laptop contained data of 4,000 patients, 1,200 staff

June 2, 2022

0 2 3 minutes read

CHARLOTTETOWN, P.E.I. — Well being P.E.I. is reporting {that a} knowledge breach, doubtlessly involving the information of 4,000 sufferers and 1,200 employees, occurred on account of a theft of an worker laptop computer.

The laptop computer was stolen from the worker in early April. Well being P.E.I. CEO Michael Gardam mentioned the laptop computer was password protected however contained spreadsheets containing particulars of affected person visits to emergency rooms in September and October of 2021. The spreadsheets contained affected person and employees names, dates of delivery, well being card numbers and postal codes.

“The information was restricted to what we might think about decrease danger data — there wasn’t monetary data there or social insurance coverage numbers,” Gardam advised SaltWire on June 1.

The day after the theft, the province’s Data Know-how Shared Companies employees was in a position to remotely change the password of the laptop computer. Gardam mentioned the chances that the knowledge on the laptop computer was accessed have been “very, very slim” however acknowledged he couldn’t make certain whoever stole the laptop computer was restricted from unlocking it.

Charlottetown Police additionally have been notified of the theft.

Health P.E.I. said an employee's laptop with more than 4,000 patients' and 1,200 employees' personal information was stolen in early April. - Atlantic Briefs Desk — Well being P.E.I. mentioned an worker’s laptop computer with greater than 4,000 sufferers’ and 1,200 staff’ private data was stolen in early April. – Atlantic Briefs Desk

Study from errors

Gardam mentioned the affected person knowledge was contained in datasets that have been used to investigate affected person flows and staffing numbers inside the province’s emergency departments.

“We’re very sorry that this occurred. And we be taught from these occasions and we make it higher,” Gardam mentioned.

“As a studying group, all we are able to do is be taught from our errors and be higher.”

The admission comes greater than a month after the theft occurred. Gardam mentioned Well being P.E.I. employees waited to inform the general public as a result of it wanted time to contact the affected employees and sufferers first.

Going ahead, Gardam mentioned employees could be doing a “deep dive” into insurance policies associated to what delicate data will be saved on employees laptops which are taken off-site.

“One of many issues that is very clearly going to come back out of that’s, for those who’ve bought a spreadsheet, as soon as you’ve got bought it and you have all the proper data, you take away any affected person or any employees identifiers,” Gardam mentioned.

Privateness evaluate

The province’s data and privateness commissioner was notified of the breach in early April.

In an e mail, data and privateness commissioner Denise Doiron mentioned her workplace has not obtained any complaints from Islanders impacted by the breach.

Doiron wrote that her workplace could be reviewing Well being P.E.I.’s investigation into the breach.

Doiron mentioned she hopes to publish a report, summarizing Well being P.E.I.’s investigation in addition to suggestions obtained from affected Islanders, on the fee’s web site.

P.E.I. Privacy Commissioner Denise Doiron will be reviewing the Health P.E.I. investigation into the April 2022 data breach.- Stu Neatby — P.E.I. Privateness Commissioner Denise Doiron shall be reviewing the Well being P.E.I. investigation into the April 2022 knowledge breach.- Stu Neatby

Gardam mentioned he believes the info breach was far much less extreme than the cyber-attack that focused well being authorities in Newfoundland and Labrador within the fall of 2021. That assault resulted within the theft of greater than 200,000 delicate recordsdata, a few of which dated again to 1996.

“Cyber-attacks, which (are) very completely different from what occurred right here, are one thing that you simply attempt to stop and then you definately attempt to restrict injury,” Gardam mentioned.

“There’s been plenty of work carried out right here for us to really feel fairly assured that we’re in good condition for that.”

Ransomware assault

The P.E.I. authorities was additionally the goal of a ransomware assault in February 2020. A cybercriminal group finally publicly posted the confidential data of not less than 339 Island residents and 218 companies that had accessed the farming AgriStability program.

There isn’t a proof the 2020 ransomware assault affected Well being P.E.I., however a number of authorities departments have been impacted by the assault.

When requested whether or not COVID-19 measures, which have meant employees are more and more working from residence, has resulted in heightened knowledge safety dangers, Gardam responded by saying “perhaps”.

“We have shifted plenty of our work to being at residence,” he mentioned.

Source link