inthemediaseptember262016e

AHS privacy breach 'troubling,' says digital security expert

by Staff (feat. Tom Keenan)

CBC News
September 27, 2016

Without better technical safeguards, the confidential medical files of Albertans will remain vulnerable to security breaches, says one digital security expert.

Alberta Health Services issued a warning Monday after thousands of patients had their confidential health information "inappropriately accessed" by a former AHS employee.

The former employee accessed the information of 1,309 Albertans, and viewed the demographic information of another 11,539 patients.

The electronic files were accessed on the AHS Netcare and Netcare Personal Directory programs between January 2004 and July 2015.

"How do you not notice this?" asked Tom Keenan, a professor at the University of Calgary and the author of Technocreep.

"You need to go out there and have a proactive system that catches excessive accesses. If companies have the ability to do that, AHS — which has quite a large IT budget — should build in checks so they know when something weird is happening."

AHS said it began auditing the worker after receiving a complaint from another AHS employee, and are reassuring patients that none of the records have been altered or compromised.

However, Keenan said it's "troubling" that health officials would continue to rely on whistle-blowers to maintain the privacy of patient files.

He said government computer systems should be flagging any suspicious activity in real time, and there should be better control of access to patient records among medical professionals.

"The hospital and doctors take the view, you're unconscious and we need to treat you, so we better know everything about you and any delays might endanger your life," Keenan said. "So typically, there is a pretty wide open access, once you get past that gate of NetCare.

"Once they're in that system, if you're their patient, they know pretty much everything about you."

Although Keenan acknowledged the importance of the electronic systems for tracking patient information, he suggested the programs should be rewritten to ensure files are only accessible by medical staff actively treating a patient.

As it stands now, Keenan said any medical professional with an account could scroll through the files of any patient, at any given time.

It's not the first time AHS has been the target of a security breach, and Keenan said they will continue to happen if better safeguards are not put in place.

"There is already an ethical code, and all these employees have agreed to that, but what it comes down to is human nature," said Keenan. 

"There are so many files out there, so many medical records and so many people that have access to them … Our health records aren't quite as secure as we thought they were."

AHS said patients affected by the breach are being notified via direct-mailed letters that were sent out Monday. A phone-in line has also been established so patients can call and request a full audit of activity on their files, and Keenan recommended that patients find out when and where their files were accessed.  

Although Keenan doesn't believe the employee responsible for the breach had nefarious motivations, he said the incident should serve as a wake-up call.

"Often it's just curiosity, and AHS is not saying a lot, but they're speculating that this person just got bored and was looking at people's files out of curiosity," said Keenan. 

"There is a whole range of human motivations, but the point is that it shouldn't be done and it really ought to be caught."


Be the first to comment

Please check your e-mail for a link to activate your account.
SUBSCRIBE TO OUR NEWSLETTERS
 
SEARCH
PODCAST

The Royal Canadian Navy in the Indo-Pacific: A Discussion with Matthew Fisher

June 18, 2018



On today's Global Exchange Podcast, we turn our eyes to the Indo-Pacific, as we assess Canada's naval presence in the region, and the recent deployment of MV Asterix to take part in various multilateral exercises with Canada's Pacific allies. Join our host, Dave Perry, in conversation with CGAI Fellow Matthew Fisher, as they discuss Canada's naval presence around the Indo-Pacific, Chinese military build-up throughout the East and South China Seas, the successes of MV Asterix's recent deployment in the Pacific, and a future for the Canadian Navy in an increasingly militarized Pacific environment.


IN THE MEDIA

Security firm named in lawsuit against Ottawa once accused of recruiting ex-child soldiers

by Murray Brewster (feat. Dave Perry), CBC News, June 21, 2018

Rare foreign investment in the oilsands as Nexen proceeds with $400M expansion

by Geoffrey Morgan (feat. Kevin Birn), Financial Post, June 20, 2018

Ottawa’s efforts to restore relations with Tehran going ‘nowhere,’ says academic

by Beatrice Paez (feat. Thomas Juneau), The Hill Times, June 20, 2018


LATEST TWEETS

HEAD OFFICE
Canadian Global Affairs Institute
Suite 1800, 421-7th Avenue SW
Calgary, Alberta, Canada T2P 4K9

 

OTTAWA OFFICE
Canadian Global Affairs Institute
8 York Street, 2nd Floor
Ottawa, Ontario, Canada K1N 5S6

 

Phone: (613) 288-2529
Email: contact@cgai.ca
Web: cgai.ca

 

Making sense of our complex world.
Déchiffrer la complexité de notre monde.

 

© 2002-2018 Canadian Global Affairs Institute
Charitable Registration No. 87982 7913 RR0001

 


Sign in with Facebook | Sign in with Twitter | Sign in with Email