Mariam Ibrahim reports: Health Minister Fred Horne said Tuesday he is in the process of considering amendments to provincial legislation in the wake of Alberta’s largest privacy breach, that saw the health information of 620,000 Medicentres patients lost. […] “I am in the process now of considering amendments to the Health Information Act. I’ve always…
360 million newly stolen credentials on black market – Hold Security LLC
Jim Finkle reports: A cybersecurity firm said on Tuesday that it uncovered stolen credentials from some 360 million accounts that are available for sale on cyber black markets, though it is unsure where they came from or what they can be used to access. The discovery could represent more of a risk to consumers and…
UK: MPs' anger at missing data on who has patient records
Randeep Ramesh reports: Stephen Dorrell, Tory chairman of the health select committee, has said he will write to the health secretary, Jeremy Hunt, to ask for details about which organisations have acquired medical records since 2010. His pledge came after officials at the new arms-length body said they could retrieve data only from the last…
HK hospital worker mum on patient data loss till 3 days later
Computerworld Hong Kong reports: A Queen Elizabeth Hospital staffer lost a USB flash drive holding personal data of 92 patients, information of drug prescriptions, and dispensing related documents on Feb 18, but only reported the case to the hospital three days later. The missing USB flash drive–without encryption and password protection–belongs to a pharmacy department…
Minnesota data breach law demonstrates risks of knee-jerk reactions
I just shook my head yesterday when I heard about a proposed law in Minnesota that would require breach notification within 48 hours of discovery, the offer of free credit monitoring for one year, and golly gee, a $100 gift card that would be valid for one year if the breached entity was a retailer. Apparently I…
UK: Failure to adequately redact results in undertaking for Treasury Solicitor’s Department
In the UK, the Treasury Solicitor’s Department has signed an undertaking with the Information Commissioenr’s Office. As described in the undertaking, there had been a number self-reported breaches involving exposure of individuals’ information due to incomplete redactions or failure to fully check: The Information Commissioner (the ‘Commissioner’) was contacted by the data controller on 6…