Ca: University Health Network Notifies Information and Privacy Commissioner (IPC) of stolen laptop with patient information
University Health Network (UHN) is issuing this advisory to notify patients who had surgical procedures from 2004-2010 about a stolen laptop taken from a staff person’s car on the weekend of May 8-9, 2010. The laptop contained select personal health information on about 20,000 surgical patients from all sites at University Health Network.
University Health Network, which consists of Toronto General, Toronto Western and Princess Margaret Hospitals, notified Ontario’s Information and Privacy Commissioner (IPC) on Monday, May 17, 2010 and is cooperating fully with the IPC.
Investigations by UHN determined that the patient information was from 2004 – 2010 and included patients’ names, dates and types of surgeries and, in a limited number of cases, patients’ phone numbers. UHN also found that encryption on the laptop failed, so that the information could potentially be accessed. However, it is likely that the laptop was stolen for its resale value, and not for the data.
In consultation with its Privacy Office and IT Department, UHN determined that the risk of fraud or identity theft is very low because no OHIP numbers or full contact information were saved on the computer.
Read more on CNW.
I don’t see anything on their site about this. Do you? I realize that they may not be required to post anything under Canadian law, but it would be nice to see our neighbors north of the border implement that kind of requirement.