DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Ca: Personal Health Data Breach Triggers Trillium Hospital Class Action

Posted on June 22, 2016 by Dissent

The following is a press release:

A proposed class action for a breach of privacy has been commenced against Trillium Health Partners, Mississauga Ophthalmologist Dr. Tony Vettese, and his assistant, Lisa Lyons.

Mississauga businesswoman and Trillium patient Katie Mallinson has alleged that Lyons used her access to Trillium’s entire database to secretly review the confidential medical records of Trillium patients for many years and hundreds of times.

The class action characterizes Lyons as an electronic “Peeping Tom”, who surreptitiously looked into the private lives of her victims, for her own amusement. Neither Mallinson nor Class Members are current patients of Vettese.

Such records contain highly sensitive and private information about patients’ medical histories. For example medications taken, treatments received, operations undergone, the diseases and disorders they may suffer from, and family circumstances, among others.

The claim seeks $2 million in general damages as well as exemplary damages and punitive damages, plus individual awards for class members, costs and interest.

The claim alleges that Trillium’s privacy policies and procedures were inadequate, underfunded, and unenforced.  It also contends that Dr. Vettese left Lyons to her own devices for hours at a time, and that despite being one of Ontario’s top paid physicians he spent neither money nor time protecting the privacy interests of Trillium patients.

The total number of patients affected is not yet known.  Lyons was given unrestricted access to every record of every patient the hospital has ever treated.  The Hospital’s privacy office failed to detect any of Lyon’s misconduct, and only began investigating when Ms. Mallinson reported her own suspicions of it.

The claim also alleges that Trillium has conducted only a cursory internal investigation, and asks Ontario’s Superior Court to appoint an auditor to determine the full extent of the breach of privacy.

The allegations have not yet been proven in Court.

Trillium has already admitted to Ms. Mallinson that her medical information was improperly accessed by Lyons for at least four years, and says that Lyons herself has acknowledged to it that she did so.

The Plaintiff’s counsel is the Mississauga litigation firm of Du Vernet, Stewart, who were successful counsel in the Ontario Court of Appeal case, which established the common law right to privacy in Ontario, Jones v. Tsige.

Potential class action members who have already been advised by Trillium that their privacy has been invaded, or who suspect they have been victim of this privacy breach are asked to contact the firm for more information about the case.

The incidents alleged above appear to be unrelated to another report involving Trillium that I had noted on this site last year.  Interestingly, though, both allege inadequate investigation of alleged breaches.

Of note, how will a lawsuit like this fare in Canada where they do not have the Clapper decision to contend with to establish standing?  Stay tuned…

Update: it turns out the lead plaintiff is the sister of Lyons.

Related posts:

  • UPDATE: Trillium Health IT specialist pleads guilty to stealing personal info from colleagues’ computers
Category: Health DataInsiderNon-U.S.

Post navigation

← ME: Portland Jetport loses thumb drive with personal info of 950 employees
Information on 154 million voters exposed in the cloud – again. (Updated) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.