DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

More transparency needed in Health Authority insider breaches

Posted on August 3, 2012 by Dissent

CBC News reports:

Health authorities in Labrador and central Newfoundland acknowledge they have disciplined workers for previously-unreported privacy breaches.

Last year, Central Health admitted to a serious breach of privacy involving 19 patients. The employee responsible was fired.

Since then, the board has not publicly reported any other breaches — until being asked by CBC News.

“We did not disclose two,” Central Health CEO Karen McGrath said. “While they were serious, we believed we had talked to, disclosed to the clients themselves, and felt it was not either in the best interest of the clients to actually publicly disclose this.”

McGrath says that both cases involved less than 10 patients. In one case the employee was suspended; in the other, the employee quit.

Central Health did inform the privacy commissioner, but had no intention of informing the public.

“I think that’s true for all the health authorities,” McGrath said. “We don’t disclose all breaches.”

Read more on CBC News.

And why should they disclose publicly if they don’t have to, right?

Even when they do disclose breaches – to patients or the public – full transparency may not be the order of the day for the health authorities. This week, I posted an item about a breach at Western Health Authority in Newfoundland.  Western Health had reportedly fired an employee who improperly accessed over 1,000 patients’ records.  Neither the media report nor a statement on Western Health’s web site addressed the employee’s motivation in accessing the patient records.

I contacted the health authority and asked for a statement about the motivation behind the access.  By email, a spokesperson replied that they were not able to comment on the motives of the employee.

Why not? Do they not know?  Or do they know but are refusing to disclose?

Those who are affected by a breach need to know sufficient details so that they can evaluate the risk of harm. An employee who’s snooping out of curiosity is one thing.  An employee who is accessing records and possibly recording information to be misused subsequently is something else. Both are problematic – especially if the health records contain sensitive information – but how can patients assess the situation if important information is withheld from them?

The Western Health Authority did not name the employee, and I do not criticize them for that. But unless authorities are legally prohibited from disclosing more details about the breach, I think they not only should, but owe it to the victims of the breach to do so.

Because other breaches were not disclosed publicly, I do not know whether patients were provided with any explanation of those insider breaches. In at least one publicly reported case, they were. But the rest?

It seems that it’s not just the U.S. that needs a mandatory breach notification law that includes important elements of breach details.

Update: Apparently, the New Democrats agree more transparency is needed.

No related posts.

Category: Health Data

Post navigation

← Australian Fishing Trade Association (AFTA) Hacked, 900 Accounts Leaked By #DoktorBass
Defining Reasonable Security →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.