Laptops with patient information stolen from Alta. hospital
The University of Alberta Hospital is reporting that a burglary occurred earlier this month resulting in two laptops containing patient information being stolen.
Alberta Health Services said the theft happened on June 4th, in the hospital's Provincial Lab Information Technology room.
Two laptops with health information of 250,000 people were stolen. Information on the laptops are said to include names, birth dates, personal health numbers and lab test results for communicable and reportable diseases such as sexually transmitted diseases.
The hospital said the laptops are protected by a security program that requires multiple passwords to be entered before information is made accessible.
"The public should not be concerned, we believe there's a very low, low risk of any information on those devices being made accessible to anybody else," said Bill Trafford, chief information officer of Alberta Health Services.
AHS said so far there is no indication that the data has been accessed. But the Information and Privacy Commissioner Frank Work said he is shocked that the two laptops were not encrypted.
"The standard in Alberta for storing personal or health information on portable devices is encryption. I can't accept anything less. This is highly sensitive information and an issue of public trust. How can the public have faith in public bodies if they can't provide security for personal information?", he said in a news release.
Work said encryption technology is readily accessible.
"If you are going to store personal information on a portable device, you had better make sure that encrypting that information is a priority," he said.
Trafford said the latest laptops to be stolen were encrypted but not with the most up-to-date software.
"These devices had a very very solid version of protection on them that we've used third parties to try and break and nobody's been able to break them," he said.
AHS said they're in the process of getting all their computers up to date with the latest encryption technology.
In 2007, Capital Health announced an overhaul of its security system after a memory stick was stolen from a pediatrician's purse at the Glenrose Hospital. The stick contained medical records of young patients. Also that year, four Capital Health laptops were stolen containing patient information.
AHS said the delay in encrypting was due to the fact that the process is time consuming and expensive. But Work still insists that it's the only way to go.
Edmonton police, AHS and the Privacy Commissioner are all involved in this latest investigation.
Members of the public are being asked to direct questions or concerns related to this incident to 1-877-354-8811.