Because we don’t have a privacy commissioner who actually — gasp — investigates breaches and issues findings, and all we have is HHS which doesn’t publish its findings and leaves us generally in the dark, this report out of Canada is especially interesting.
The Alberta privacy commissioner’s office has found that the province’s health board had reasonable security measures in place when a virus targeted a computer network in July, potentially affecting the personal health information of thousands of people.
“AHS [Alberta Health Services] had an anti-malware system, firewalls and an intrusion detection system in place. In my opinion, these are reasonable controls to protect health information against malware,” report author Brian Hamilton writes.
“I noted some areas for improvement … but it is important to understand the HIA [Health Information Act] holds custodians to a standard of reasonableness, not perfection.”
The virus was a Trojan horse program known as “Coreflood.” It targeted Alberta Health Services’ Edmonton computer network and captured information from some clients’ Netcare electronic health records and transmitted them to a external server.
[…]
Read more from CBC News.