2 Computers in Ottawa Hospital Stolen, Compromises Patients’ Personal Data
At least 60,000 individuals who have records in the two computers stolen October 2010 from Bruyere Family Medical Centre in Ottawa are facing the risk of having their personal data exposed to anyone.
The president and CEO of Bruyere Continuing Care, Jean Bartkowiak, has confirmed the theft in the filings submitted to Ottawa police and the Office of the Information and Privacy Commissioner of Ontario. The two computers contain patient names, their date of birth, address, health card number and telephone number, which have been collected from 1971 to 2006, though the hospital’s management confirmed no medical records were stored in the hard drives.
About 7,000 of the 60,000 individuals still have transactions with the medical center. Investigation of Bruyere Family Medical Centre revealed no evidence of misused or breached personal data, said the center.
Ottawa police also downplayed suspicions that the theft was aimed at breaching the patients’ personal data, saying it was a petty theft that occurred.
In a press release, Jean Bartkowiak said the medical center has already taken the necessary measures to heighten their security and expressed remorse at what had happened on the center’s behalf.
The center has also advised its patients to monitor and secure a copy of their credit ratings from a credit reporting bureau so as not to compromise the availability of services to them.
Following the incident, Bruyere Family Medical Center has encrypted its computers which have only recently been protected by passwords. The center has also heightened security of patients’ personal data stored off-site. In addition, building parameters have also been propped up with more rigid security.
In November last year, Stoke-on-Trent City Council has signed an agreement to strengthen its security measures on information handling after losing an unencrypted Universal Serial Bus (USB) stick that contained personal data of 40 children in its care.
Investigation conducted by the Information Commissioner’s Office revealed the USB stick containing personal data of children under care proceedings was not even protected by a password.