620,000 patients’ information lost as unencrypted laptop stolen


On Oct. 1, Medicentre, a company that runs primary care clinics throughout Alberta, reported stolen a laptop that contained 620,000 patients’ information. The theft actually occurred on Sept. 26, and no one seems sure why there was a delay in reporting the laptop stolen.

Further, the entire episode is coming to light now only because Alberta Health Minister Fred Horne is throwing a temper tantrum that his office wasn’t made aware of the theft until Tuesday. Horne was notified as part of Medicentre’s “public information campaign,” an obvious effort to fight what should be a major public outcry. Medicentre is rolling out newspaper ads and a call centre to avoid harsh criticism for their unbelievable blunder.

Speaking to a news conference at the provincial legislature on Tuesday, Horne said, “On behalf of the citizens of this province I’m quite frankly outraged that this would not have been reported to myself or my department sooner.”

Another group that might have found this information valuable is the residents of Alberta, who make up most of Medicentre’s clients and many of whose information is now … somewhere.

Medicentre, for its part, has vowed to rectify certain insecurities. Two major steps it will take in future:

  • Not using laptops for sensitive client information, “unless absolutely necessary.”
  • Patient’s information will now be encrypted.

Yes, that is correct. Medicentre has been holding information on its patients — billing codes, diagnostic codes, birthdates, names — without any basic protections to keep looky-loos out. But don’t worry, now that they’ve lost the information of over half a million patients they promise to work on their standards.

[The Globe and Mail] [image via Robert Thivierge/Flickr]

, ,