Posts tagged data breach
Cavoukian orders Cancer Care Ontario to implement EMR
Oct 14th
by Nestor E. Arellano
What would it take to push forward a sluggish electronic patient records initiative? An embarrassing medical records fiasco of gargantuan proportion and one irate privacy commissioner perhaps?
In the case of Cancer Care Ontario (CCO) and Information and Privacy Commissioner (IPC) Dr. Ann Cavoukian at least that seems to be how things are shaping up.
Nestor Arellano
Sometime in March this year, the CCO lost several packages of patient records pertaining to over 20,000 cancer patients. Since then investigations conducted have brought down the number of missing records (originally sent by CCO to various doctor’s offices via Canada Post’s Xpresspost courier service) to just 7,000 colon cancer screening reports.
In an unprecedented move yesterday, Cavoukian issued ordered CCO to stop the practice of sending out sensitive patient records in paper format. Cavoukian also gave the CCO until January 13 next year to show proof of compliance and report back to her office on their progress towards adopting an electronic medical records (EMR) system that will transmit the sensitive private data to doctor’s office through the Internet instead.
“I needed to give this strong order because the loss of 7,000 patient records is totally unacceptable. It could have been prevented,” Cavoukian told me yesterday. “They better comply with the order.” Read the rest of this entry »
Mobile devices & medical research — protecting personal health information
Sep 13th
By Dr. Ann Cavoukian
Nothing disappoints me more than news of yet another lost unencrypted USB key or laptop containing personal health information. Unequivocally, there have been far too many breaches of this kind, most of which could have easily been avoided by utilizing well-established privacy and security measures and building in Privacy by Design (‘PbD’)best practices.
Ann Cavoukian, Information and Privacy Commissioner of Ontario
The numbers are startling. In the U.S. over a 20-month period ending June 2011, there were 288 notable breaches impacting millions of Americans – with about a third involving mobile devices. Here in Ontario, there have been a number of high-profile breaches over the past two years impacting well over 100,000 people.
Some of these breaches have been in the health research area, as researchers have become increasingly reliant on laptop computers, memory sticks and other mobile computing storage devices, to collect and store personal information.
Concerns over the privacy and security of personal health information used for research purposes should not undermine the resounding fact that health research is extremely important, and high quality research depends on the availability of high quality information. Read the rest of this entry »
Finally, some statistics on the impact of cybercrime in Canada!
Sep 9th
Claudiu Popa
By Claudiu Popa
It’s about time. Since most companies do not benefit from security monitoring tools and technologies and many of those that do aren’t inclined to share their unfortunate events for fear of getting ridiculed at the playground, statistics on cybercrime and malware in Canada are few and far between. So kudos to Symantec for releasing some meaningful statistics on cybercrime in Canada and some global figures in general.
And it’s been a worthwhile exposure effort. One day after the Norton Cybercrime Report’s release, the Internet was already teeming with superficial coverage of the contents. Most outlets are happy to report the big global number of $114 billion in losses for the past year. Personally, I like to have a deeper look. In this case, I’ll constrain my scope to the Canadian figures and try to put things into perspective. So here goes: Read the rest of this entry »
3 tips to revitalize Anonymous
Aug 8th
By Robert McMillan
Has the Anonymous movement reached a midlife crisis?
Individuals appearing in public as Anonymous, wearing the Guy Fawkes masks popularized by the comic book and film V for Vendetta
There’s no question that the loosely confederated collective has gained members and attention over the past year, for computer attacks on PayPal, Sony, and government contractor HB Gary Federal, and for the erratic cyber-rampage carried out by its sister group, LulzSec. But maybe the group needs to grow up a bit in order to get its message across. Read the rest of this entry »
Staples should pay customers to wipe data
Jun 24th
When you want people to do something for you that is tedious and just altogether easier to skip, nothing works better than cold, hard cash.
Staples Inc. should consider paying its customers to effectively wipe their data off of storage devices they are returning to the retailer. The payment could come in the form of a credit towards the replacement storage device they buy, or just a cash refund that is a small percentage of the overall purchase. But why would Staples want to do this, you ask?
Brian Jackson, Associate Editor, ITBusiness.ca
Give Canada’s Privacy Commissioner the teeth it deserves
May 6th
Canada’s Privacy Commissioner, Jennifer Stoddart, called for her role as privacy watch dog to be given sharper teeth on Wednesday at Canada 3.0 in Stratford, Ont.
Stoddart is asking for the ability to issue stiff monetary penalties against companies that allow for customers’ data to slip through their fingers and into the hands of cyber-criminals. She’s also asking for the law to require the reporting of data breaches as soon as they occur.
Brian Jackson, Associate Editor of ITBusiness.ca
Catastrophic Playstation breach: Inventory of what you may have lost
Apr 28th
By Claudiu Popa
For the past few days, we’ve been privy to tidbits of information about the recent PlayStation Network breach (heretofore known as the PSN Breach) often dismissive and always shrouded in a certain aura of non-seriousness due to its status as an entertainment industry fixture. Indeed, breaches of government records, personal health information and financial data garner a vastly more pronounced knee-jerk reaction of shock and awe.
Claudiu Popa
By now millions of people are in receipt of a carefully worded letter, written using recycled electrons and no doubt a gazillion internal revisions. By many accounts, some 77 million members of the PlayStation(R) Network have had their information compromised by Sony and Qriocity. Far be it of these companies to acknowledge the existence of organized crime on the Internet, they indicate that “an unauthorized person” has obtained the following information. In other words, “dear loyal customer, we failed to protect the data you entrusted with us and the following information of yours is in the custody of a criminal”. Read the rest of this entry »
G20 Summit: Business data security in the ‘Zone’
Jun 22nd
WHAT’S YOUR RISK FACTOR?
The G20 Summit – truly the largest security event in Canada’s history – creates unprecedented challenges to the security of business information in the “zone.” Customer and employee records, legal and medical files, financial statements, internal memos and commercial secrets may be exposed to heightened security risks that are likely to be targeted by information criminals.
Michael Collins
Unfortunately, most companies have little or no experience adopting their complex information practices to the unpredictable environment within the “zone” or operating remotely from temporary locations outside of the “zone.”
Such times of uncertainty provide opportunities for fraudsters looking to exploit information security loopholes, yet companies’ obligations to protect their clients’ data cannot be compromised under any circumstances. Read the rest of this entry »
