Health PEI employee data breached after laptop theft

Details of 4,000 patients also on the device

Health PEI employee data breached after laptop theft

Information of employees and patients of Health PEI have been compromised after an employee's laptop containing their data was stolen in early April.

Personal information belonging to more than 1,200 Health PEI long-term care staff were said to be on the laptop, including their names, positions, hours worked, as well as rate of pay. No banking or financial information were said to be on the stolen equipment, according to authorities.

Information of more than 4,000 patients were also said to be on the laptop, including their visits to PEI emergency departments between the dates of September 1, 2021, and October 13, 2021, including reason for visit, diagnosis, and the name of the physician.

Their names, dates of birth, health card numbers, gender, and postal code were also included in the information that can be accessed from the laptop, according to authorities.

In addition, information of individuals who were in the hospital awaiting long-term care were also compromised. Data included demographic information, including the patients' name, health card number and information about their admission to the hospital.

The said laptop theft was reported to the police the following day, according to the provincial government. The laptop was password protected and information technology staff were also able to secure their information as soon as possible, including resetting the gadget's password.

"The likelihood of anyone actually being able to access the information is believed to be low," read the provincial government's announcement.

The information from the laptop is also not considered a risk for identity theft, according to the Health PEI.

Despite this, the provincial health authority sent letters to those whose information may have been breached and expressed their apologies to them.

"Employees have an expectation and right to privacy with regard to their personal information. This breach affected a large number of our long-term care staff who have gone above and beyond at all times and especially during the COVID-19 pandemic. On behalf of Health PEI, I am sorry that this happened," said Dr. Michael Gardam, Health PEI chief executive officer, in a statement.

He also offered his apologies to the patients affected, adding that additional steps will be taken to ensure the information security of their patients in the future.

"Patient information is incredibly sensitive and Health PEI takes the protection of personal health information seriously," said Gardam.

"Health PEI is conducting a full review of this situation to ensure any gaps in our protocols are discovered so we can make any changes to improve the security of patient information moving forward."

Read more: What does Morrisons data breach mean for employers?

Security breaches

Security breaches are a huge concern for both employees and employers alike, no matter what its cause may be. However, these instances may be avoided through technological and administrative measures

Data law expert Bradley Freedman, a partner at Borden Ladner Gervais, previously said that all levels of an organisation, including HR, have a role to play in mitigating security breaches.

Mitigation measures start with checks on employees, as well as other individuals who will be accessing an organisation's systems, such as contractors, suppliers, and temp workers.

"You shouldn't have one big network where everyone can access everything. It should be all be segregated and locked down, with technological measures that do that," advised Freedman.

And should a security breach take place, Freedman said organisations should have systems to minimise its impact.

"Organisations ought to have an incident response plan and a designated team – a trained and tested team and plan – so that they’re ready to respond immediately," he said.