Privacy & Security

HALIFAX – As part of an ongoing investigation, more than 1,200 privacy breaches were discovered at Nova Scotia Health. The effort began in August 2020, when the organization discovered eight employees snooping into the electronic health records of people associated with the mass casualty events of April 18 and 19, 2020. Read More

LINDSAY, Ont. – Ross Memorial Hospital declared a Code Grey at 10:53 p.m. on Sunday, February 5 due to a suspected cybersecurity incident. The hospital has retained third-party cybersecurity resources to work with its technical experts to investigate the incident according to industry best practices. Read More

HALIBURTON, Ont. – Haliburton Highlands Health Services declared a Code Grey on Sunday due to an external cybersecurity issue. Officials say the issue has impacted HHHS’s access to the shared integrated information technology system with Ross Memorial Hospital in Lindsay. The code signals an infrastructure loss or failure. Read More

TORONTO – The Office of the Information and Privacy Commissioner of Ontario (IPC) has concluded its review of the high number of privacy breaches at St. Joseph’s Healthcare Hamilton due to misdirected faxes. The IPC became aware of the issue at St. Joseph’s after noticing an unusually high number of reported incidents in the hospital’s 2020 annual statistical report. All health information custodians in Ontario are required by law to submit these reports to the IPC annually. Read More

TORONTO – The University Health Network experienced a day of computer system outages on Monday, forcing it to declare a code grey. The system failure led to the delay of some patient-care procedures, but the hospital was able to restore its computers by the next day. Read More

CHICAGO – Over a five-year period, the number of ransomware attacks against U.S. healthcare delivery organizations more than doubled, according to a recent study published in JAMA Health Forum. Ransomware attacks within the healthcare industry are particularly devastating, as the cyber criminals can access personal health information (PHI), as well as potentially disrupt care delivery. Read More

TORONTO – The LockBit ransomware gang – which uses sophisticated viruses to “lock up” data until the organization under attack pays up – has apologized for targeting the Hospital for Sick Children and released a decryptor for free. According to reports on the Internet, the group’s members are prohibited from attacking healthcare organizations. Read More

VICTORIA – Sensitive personal health records of British Columbia residents, from mental health to sexually transmitted disease histories, are “disturbingly” vulnerable to leaks, the provincial privacy watchdog says. Information and privacy commissioner Michael McEvoy (pictured) says in a report released by his office in December that security gaps in the public health computer system put it at risk of abuse by bad actors, from cyber criminals to jilted lovers looking for information about an ex. Read More

PRINCE ALBERT, Sask. – A retired doctor who was careless with medical records that were meant to be shredded needs to notify former patients whose personal data might have been breached, Saskatchewan’s information and privacy commissioner says. Dr. Lalita Malhotra, a retired doctor in Prince Albert, did not undertake “adequate efforts” to contain or investigate the breach, and did not provide notice about it, Ronald J. Kruzeniski (pictured) wrote in a decision dated Dec. 5. Read More