DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Ca: Personal Health Data Breach Triggers Trillium Hospital Class Action

Posted on June 22, 2016 by Dissent

The following is a press release:

A proposed class action for a breach of privacy has been commenced against Trillium Health Partners, Mississauga Ophthalmologist Dr. Tony Vettese, and his assistant, Lisa Lyons.

Mississauga businesswoman and Trillium patient Katie Mallinson has alleged that Lyons used her access to Trillium’s entire database to secretly review the confidential medical records of Trillium patients for many years and hundreds of times.

The class action characterizes Lyons as an electronic “Peeping Tom”, who surreptitiously looked into the private lives of her victims, for her own amusement. Neither Mallinson nor Class Members are current patients of Vettese.

Such records contain highly sensitive and private information about patients’ medical histories. For example medications taken, treatments received, operations undergone, the diseases and disorders they may suffer from, and family circumstances, among others.

The claim seeks $2 million in general damages as well as exemplary damages and punitive damages, plus individual awards for class members, costs and interest.

The claim alleges that Trillium’s privacy policies and procedures were inadequate, underfunded, and unenforced.  It also contends that Dr. Vettese left Lyons to her own devices for hours at a time, and that despite being one of Ontario’s top paid physicians he spent neither money nor time protecting the privacy interests of Trillium patients.

The total number of patients affected is not yet known.  Lyons was given unrestricted access to every record of every patient the hospital has ever treated.  The Hospital’s privacy office failed to detect any of Lyon’s misconduct, and only began investigating when Ms. Mallinson reported her own suspicions of it.

The claim also alleges that Trillium has conducted only a cursory internal investigation, and asks Ontario’s Superior Court to appoint an auditor to determine the full extent of the breach of privacy.

The allegations have not yet been proven in Court.

Trillium has already admitted to Ms. Mallinson that her medical information was improperly accessed by Lyons for at least four years, and says that Lyons herself has acknowledged to it that she did so.

The Plaintiff’s counsel is the Mississauga litigation firm of Du Vernet, Stewart, who were successful counsel in the Ontario Court of Appeal case, which established the common law right to privacy in Ontario, Jones v. Tsige.

Potential class action members who have already been advised by Trillium that their privacy has been invaded, or who suspect they have been victim of this privacy breach are asked to contact the firm for more information about the case.

The incidents alleged above appear to be unrelated to another report involving Trillium that I had noted on this site last year.  Interestingly, though, both allege inadequate investigation of alleged breaches.

Of note, how will a lawsuit like this fare in Canada where they do not have the Clapper decision to contend with to establish standing?  Stay tuned…

Update: it turns out the lead plaintiff is the sister of Lyons.

Related posts:

  • UPDATE: Trillium Health IT specialist pleads guilty to stealing personal info from colleagues’ computers
Category: Health DataInsiderNon-U.S.

Post navigation

← ME: Portland Jetport loses thumb drive with personal info of 950 employees
Information on 154 million voters exposed in the cloud – again. (Updated) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.