A quarter of a million confidential health records have fallen into the wrong hands, after computers were snatched from the University of Alberta Hospital recently in a brazen heist.
Although two laptops were chained to a desk in a locked room, someone evaded security measures at the hospital on June 4, prompting health officials to warn the public their personal information may be at risk.
“The reason we’re doing this is, people’s privacy may be compromised because there’s information about them that somebody else has,” said Alberta Health Services spokesman Bill Trafford.
The machines were used to house a database on disease patterns across the province like West Nile, whooping cough and mumps.
It’s unlikely patient names, birth dates, their Alberta Health Care numbers and individual test results stored inside the machines have been accessed, Trafford added, as security features on the laptops require several password entries.
Information and Privacy Commissioner Frank Work said despite password protection, he’s shocked files weren’t encrypted, and security measures were not up to snuff.
“Generally they’re very blasé about the devices in their environments and what’s on them,” Work said. “They’re just goofy about the way they’re looking after this information. We’re not mincing words about what the standard is — we’re telling them. They just have to do it.”
Further, officials aren’t sure which patients are in the list of 250,000 or where they’re from, as data is gathered from health centres all over the province.
“If it had been worse, we’d have no idea who to notify,” Work said.
Despite the obvious effort to break numerous security measures, officials are confident the thieves didn’t target the computers for the information they hold, Trafford added.
“Even though we dodged a bullet on this one, maybe it’ll spur organizations to take better care of this stuff,” Work said.