An article passed on the news services in August. A theft of four laptops happened in May. There was a delay of months in notifying patients that their private information had been compromised:

“…Spokesman Steve Buick said the reason they took so long to inform the public is because they wanted to consult with the Privacy Commissioner.

“There’s no particular urgency to this, no one’s health is going to be compromised,” he said.”

reference: Thousands of patients told health info stolen

Does it take months to consult with the Privacy Commissioner? And who determined that the risk of identity theft was low? At best, the delay in notifying patients was cavalier. It is highly dangerous to underestimate the skills of hackers. Passwords do not mean unbreakable security. The health authority has the responsibility to safeguard that patient data. When they fall short of that mandate, it is their responsibility to notify immediately the people who had their private information compromised. They failed to do so.

Catherine Forsythe

[tags]data breach, privacy, security, identity theft, notification, password, hackers[/tags]