Alberta health board cleared in records breach
Last Updated: Thursday, December 10, 2009 | 5:14 PM MT
CBC News
The Alberta privacy commissioner's office has found that the province's health board had reasonable security measures in place when a virus targeted a computer network in July, potentially affecting the personal health information of thousands of people.
"AHS [Alberta Health Services] had an anti-malware system, firewalls and an intrusion detection system in place. In my opinion, these are reasonable controls to protect health information against malware," report author Brian Hamilton writes.
"I noted some areas for improvement ... but it is important to understand the HIA [Health Information Act] holds custodians to a standard of reasonableness, not perfection."
The virus was a Trojan horse program known as "Coreflood." It targeted Alberta Health Services' Edmonton computer network and captured information from some clients' Netcare electronic health records and transmitted them to a external server.
After notifying the public about the incident on July 8, AHS sent letters to 11,582 people whose information might have been compromised by the virus between May 14 and May 29.
That move was praised by Hamilton in his report.
"The HIA does not require custodians to notify individuals whose health information has been disclosed inappropriately," he writes. "I believe AHS took a prudent and responsible course of action by notifying the patients whose Netcare records may have been exposed.
AHS improving monitoring, official says
AHS did a forensic analysis into the incident and will review and improve some of its security and monitoring measures, the report said.
Some improvements have already been made to the system that monitors viruses and more are coming said Bill Trafford, the senior vice-president and chief information officer for Alberta Health Services. "With the work we are doing and will complete over the next six to 12 months — the end of March for a major part of it — the possibility of an event is far less likely," he said.
The virus was first detected by AHS at the end of March after receiving reports about the financial system crashing. The virus was removed from about 3,500 computers. No health information was believed to have been transmitted.
But in late May, the virus was detected again.
In its analysis, AHS found two groups were at risk — the people whose health records were accessed on an infected computer and employees who accessed their email and personal banking accounts at work.
Hamilton agrees with AHS' assessment that the information in the electronic health records could likely not be used for identity theft. But he says people need to know if their health records have been exposed because the information is so personal.
But Hamilton believes the people who accessed their bank accounts at an infected computer are at a higher risk. Those people were told to change their passwords and watch their bank accounts.
Share Tools
Latest Edmonton News Headlines
- Heart-shaped cucumbers a hit for Alberta grower
- Doef's Greenhouses in Lacombe, Alta. is the only Canadian grower of those heart-shaped cucumbers you see at the grocery store. more »
- Messam leaves Esks to try out with Dolphins
- The Edmonton Eskimos tailback signed a multi-year contract with the NFL's Miami Dolphins on Tuesday. more »
- Sherwood Park poodle wins big at famed dog show
- A poodle owned by a Sherwood Park veterinarian and breeder has won top honours at the world-renowned Westminster Dog Show in New York City. more »
- Truck, rifle found in connection to Killam RCMP shootings
- RCMP have found the black 2000 Chevrolet Silverado truck they were seeking in the shootings of two officers near Killam, Alta. last week. more »
Top News Headlines
- Air Canada confident it can reach deal with pilots
- Travellers flying Air Canada can keep booking their flights as negotiations continue with a new federally appointed mediator to help resolve an ongoing contract dispute between the airline and its pilots. more »
- Legalize pot, say former B.C. attorneys general
- Four former B.C. attorneys general are joining a coalition of health and justice experts calling for the legalization of marijuana. more »
- Whitney Houston's funeral to be held Saturday
- Pop star Whitney Houston's funeral service will be held Saturday in the New Jersey church where she first showcased her singing talents as a child. more »
- Online surveillance bill targets child porn: Toews
- A bill that would give police and intelligence agencies new powers to access Canadians' electronic communications is needed to protect against child pornography, says Public Safety Minister Vic Toews. more »
- Heart-shaped cucumbers a hit for Alberta grower
- Truck, rifle found in connection to Killam RCMP shootings
- Sherwood Park poodle wins big at famed dog show
- St. Mark School to stay open
- Leduc, Alta. train victim identified
- Alberta bus crash survivor wants to thank rescuer
- Mother in court to see man charged in daughter's death
- Alberta's proposed Education Act targets schoolyard bullies
- ETS introduces cash-counting fare boxes
