Jun 30, 2022 in News --> Privacy Breach
Last month, the Scarborough Health Network (SHN) notified patients at three of its hospitals that their personal information and health data had been exposed to an “unauthorized actor” following a cyber security breach, according to CP24. Medical data privacy is an important aspect of a patient-centered healthcare system.
What Happened at SHN?
According to the health network, “several” of its servers were subject to unauthorized access from January 25 to February 1, 2022. Vulnerable information included patient ID numbers, names, genders, dates of birth, email addresses, home addresses, OHIP numbers, procedure descriptions, lab reports, staff names, insurance policy numbers, immunization status and diagnosis information, CP24 reported.
“SHN takes the privacy and security of patient, staff and business contact and personal information very seriously, and we sincerely regret that this incident occurred,” said SHN President and CEO Elizabeth Buller in a release. “I want to assure patients that we acted as swiftly as possible to contain and investigate the incident to ensure that our clinical operations were not impacted. Furthermore, all IT security improvements that were identified as a result of our investigation were immediately addressed.”
The security breach affected Centenary Hospital, Birchmount Hospital, and Scarborough General Hospital, all of which are currently part of the SHN. Ajax Pickering Hospital, which has since been amalgamated into Lakeridge Health, was also affected.
Other Privacy Breaches
This is not the first time that Scarborough hospital patients have been exposed to data privacy breaches. Several years ago, more than 14,000 patients sought upwards of $400 million in damages in a class action lawsuit against Scarborough’s Rouge Valley Health System. The plaintiffs’ statement of claim alleged “breach of contract, breach of warranty, breach of confidence, intrusion upon seclusion, negligence, and conspiracy.”
In Alberta, upwards of 3,000 patients at the Red Deer Regional Hospital Centre had their electronic health records accessed by two workers between October 2018 and October 2020.
Protection Against Data Breaches
Each province has privacy legislation that aims to protect patients’ sensitive data. There are also federal privacy laws in place to do the same. Last year, the Province of Ontario sought to strengthen privacy and security for virtual healthcare patients amid the COVID-19 pandemic. Guidelines released by the province’s Information and Privacy Commissioner made clear that custodians of patient information ‘must comply with the provisions of the Personal Health Information Protection Act (PHIPA),’ including provisions to minimize the amount of data they collect and take all reasonable steps to protect that data from theft, loss, and unauthorized use or disclosure.
Data Breaches and Medical Malpractice
Safeguarding sensitive personal and health information is part of the duty of care that healthcare providers owe to their patients. If you’ve been subject to a health system data breach, you may wish to contact the Information and Privacy Commissioner of Ontario and submit a formal complaint. Further information on the complaints process can be found here: https://www.ipc.on.ca/about-us/contact-us/public-complaints-policy-and-process/.
If you have otherwise been injured in a medical setting, contact Neinstein Personal Injury Lawyers today to schedule a free, no-obligation consultation with an experienced medical malpractice lawyer. Our team will assess the viability of your claim and explain the next steps in the legal process.
Select a category relevant to you.