Earlier today I posted a news item about how Medicare numbers of some New Brunswick, Canada patients were being reissued after a breach involving a clinic. This report, below, suggests that the breach was worse than originally reported:
New Brunswick’s privacy commissioner says a break-in this month at a Woodstock doctor’s office poses a serious threat to patients’ personal information.
Anne Bertrand says even names and birth dates are enough to put people’s privacy at risk.
“When you couple that with another level such as a medicare number, it gets more important that these people start to worry,” she said.
Thieves hit the offices of Dr. Frances Alborg on the weekend of Jan. 8. Police say their prime targets were likely the $400 in cash, iPods and over-the-counter painkilling drugs that were stolen, but they also took four laptop computers.
One had patient information on it, including medicare numbers, patient names and addresses. The laptops were in a locked cabinet, according to the doctor.
Rules introduced in September required patient information stored on mobile devices such as laptops be encrypted and password-protected. The information on the stolen laptop was not encrypted.
The clinic has sent out hundreds of letters alerting affected people.
[…]
Bertrand commended the doctor’s office for acting quickly to notify medicare and patients. She said the privacy office is still interested in finding out more about the contents of the missing laptops and whether there was any unauthorized access to paper files during the burglary.
Read more on CBC.ca
I’m glad to see that they’re thinking about paper records, too!
Would suck to have happen this to me……