Print
Discuss
Send to friend
RSS feedsOfficials in Canada are investigating a data breach that exposed the medical histories of an unknown number of patients.
The Government of Newfoundland and Labrador said that an anonymous security researcher claimed last week that he had been able to remotely access the medical histories of patients in the area.
Government officials said that the data was being housed on a government computer located at the home of a consultant.
The consultant had taken the desktop system in order to work from home, but had exposed the data through an unprotected internet connection which was then accessed by the researcher.
Information stored on the machine included patients' Medical Care Plan numbers, age and gender, physician's name and test results for diseases such as HIV and hepatitis.
The number of individuals exposed in the breach has not been disclosed, but a news report on CBC claims that no criminal activity has been found in connection with the leak. An outside firm has reportedly been hired to continue the investigation.
Security experts are already criticising the breach. UK encryption firm Cyber-Ark told vnunet.com that the incident was symptomatic of lax security policies in governments worldwide, citing last week's data loss at HM Revenue & Customs.
"Now that the Canadians have admitted to this dreadful breach of private information, that lack of security in the public sector is clearly endemic right across the globe," said Cyber-Ark director Calum Macleod.
"I dread to think about all the other cases that we never get to hear about. "
See also:
'Old, outdated and broken processes,' says Symantec 22 Nov 2007
Gartner warns of 'enormously expensive' emergency measures 22 Nov 2007
Half of employees have sent emails to the wrong person 19 Nov 2007All Privacy & Data
del.icio.us
Digg this
reddit!
