The Alberta privacy commissioner's office has found that the province's health board had reasonable security measures in place when a virus targeted a computer network in July, potentially affecting the personal health information of thousands of people.

"AHS [Alberta Health Services] had an anti-malware system, firewalls and an intrusion detection system in place. In my opinion, these are reasonable controls to protect health information against malware," report author Brian Hamilton writes.

"I noted some areas for improvement ... but it is important to understand the HIA [Health Information Act] holds custodians to a standard of reasonableness, not perfection."

The virus was a Trojan horse program known as "Coreflood." It targeted Alberta Health Services' Edmonton computer network, captured information from some clients' Netcare electronic health records and transmitted it to an external server.

After notifying the public about the incident on July 8, AHS sent letters to 11,582 people whose information might have been compromised by the virus between May 14 and May 29.

That move was praised by Hamilton in his report.

"The HIA does not require custodians to notify individuals whose health information has been disclosed inappropriately," he writes. "I believe AHS took a prudent and responsible course of action by notifying the patients whose Netcare records may have been exposed."

AHS improving monitoring, official says

AHS did a forensic analysis into the incident and will review and improve some of its security and monitoring measures, the report said.

Some improvements have already been made to the system that monitors viruses and more are coming, said Bill Trafford, the senior vice-president and chief information officer for Alberta Health Services. "With the work we are doing and will complete over the next six to 12 months — the end of March for a major part of it — the possibility of an event is far less likely," he said.

AHS first detected the virus at the end of March after receiving reports about the financial system crashing. The virus was removed from about 3,500 computers. No health information was believed to have been transmitted.

But in late May, the virus was detected again.

In its analysis, AHS found two groups were at risk — the people whose health records were accessed on an infected computer and employees who accessed their email and personal banking accounts at work.

Hamilton agrees with AHS' assessment that the information in the electronic health records could likely not be used for identity theft. But he says people need to know if their health records have been exposed because the information is so personal.

But Hamilton believes the people who accessed their bank accounts at an infected computer are at a higher risk. Those people were told to change their passwords and watch their bank accounts.