Laptop with 1 in 6 Albertan's Personal Health Information Stolen - Calgarypuck Forums - The Unofficial Calgary Flames Fan Community

Sinny Darino · 01-23-2014, 01:57 PM

http://www.calgarysun.com/2014/01/22...rmation-stolen

Only quoted part of the article below...

Quote:

The theft of an unencrypted laptop in Edmonton means the personal health information of over 620,000 Albertans may be compromised, an “outraged” Health Minister Fred Horne said Wednesday.

Medicentres Family Health Care Clinics says the laptop was stolen from an information technology consultant on Sept. 26, 2013, and contains the names, birth dates, provincial health card numbers, billing codes, and diagnostic codes of 620,000 Albertans.

Medicentres notified the Edmonton Police Service and Alberta’s Information Privacy Commissioner of the theft on Oct. 1, 2013, but Health Minister Fred Horne was outraged that his office was only just told on Tuesday, nearly four months later.

“I am quite frankly outraged that this would not have been reported to myself or my department sooner,” said Horne, concerned for the safety of Albertan’s health information.

“Let’s be clear — personal information has been compromised. The information was stored on a laptop in unencrypted form and, to my knowledge, the information has not been recovered.”

The affected patients were seen at private walk-in clinics between May 2, 2011 and September 19, 2013, said Medicentres, adding they have no information suggesting the stolen information has been accessed or misused.

First the studen loan stuff was stolen, and now this...

Locke · 01-23-2014, 01:58 PM

What are they going to do with people's medical information? Not a whole lot of interesting or valuable stuff in there.

What, they were that desperate to find out jammies' hemorrhoid cream secret?

rd_aaron · 01-23-2014, 02:00 PM

Why is important information kept locally on a laptop as opposed to on servers somewhere?

troutman · 01-23-2014, 02:03 PM

It's not a tumor.

19Yzerman19 · 01-23-2014, 02:13 PM

I honestly don't much care about the confidentiality of my medical records, but I guess I can see how some would.

MarchHare · 01-23-2014, 02:18 PM

Quote:

Originally Posted by rd_aaron

Why is important information kept locally on a laptop as opposed to on servers somewhere?

That was exactly my thought when I heard this story. What possible reason is there to store this information on a laptop instead of a database server?

jammies · 01-23-2014, 02:37 PM

Quote:

Originally Posted by Locke

What, they were that desperate to find out jammies' hemorrhoid cream secret?

Well, since it is out in the wild already now, I might as well share the secret here, despite having learned it through painful trial and error that you would think would be valuable, salable information:

Not for oral consumption.

psicodude · 01-23-2014, 03:05 PM

Quote:

Originally Posted by rd_aaron

Why is important information kept locally on a laptop as opposed to on servers somewhere?

Because it's difficult and expensive. Medicentre has 16 locations (AFAIK) and probably over 100 staff. Building an application to support that sort of scale takes a lot of time and probably more than $1 mill. My guess is that their executives weighed the importance of keeping this sort of data confidential versus the cost and decided to take the risk. It happens everyday in private industry (Sony, for example).

Besides, just because it's "on a server" doesn't mean it's a whole lot more secure.

Rathji · 01-23-2014, 03:15 PM

Quote:

Originally Posted by psicodude

Because it's difficult and expensive. Medicentre has 16 locations (AFAIK) and probably over 100 staff. Building an application to support that sort of scale takes a lot of time and probably more than $1 mill. My guess is that their executives weighed the importance of keeping this sort of data confidential versus the cost and decided to take the risk. It happens everyday in private industry (Sony, for example).

Besides, just because it's "on a server" doesn't mean it's a whole lot more secure.

The server doesn't walk away that easily, but you are right the attack surface is likely almost as large on a whole. The simple solution is to build a good backend with a web interface and a solid VPN connection to each location.

The main issue I have, is to have such data on a laptop and not use at least *some* type of encryption. It is reckless, plain and simple.

Locke · 01-23-2014, 03:17 PM

Quote:

Originally Posted by rd_aaron

Why is important information kept locally on a laptop as opposed to on servers somewhere?

What, you dont keep your SIN, your signature and your credit card numbers on a cocktail napkin? I do. It makes me feel alive!

psicodude · 01-23-2014, 03:23 PM

Quote:

Originally Posted by Rathji

The main issue I have, is to have such data on a laptop and not use at least *some* type of encryption. It is reckless, plain and simple.

Yeah, no doubt. Even bitlocker would have been better than nothing.

I am not defending these decisions, by the way. Just trying to provide some context as to why and how they happen.

justkidding · 01-23-2014, 04:55 PM

Quote:

Originally Posted by rd_aaron

Why is important information kept locally on a laptop as opposed to on servers somewhere?

http://globalnews.ca/news/1100930/la...ertans-stolen/

On October 1, 2013 we were notified that a laptop belonging to an IT consultant working for Medicentres was stolen.”

Arif Bhimji, chief medical officer with Medicentres Canada says the IT consultant was working on an app at the time.

“The reason that he required this much information is that he had to test the application and that required a substantial or significant volume of patient information to be available to make sure that the application was working properly.”