Physician's personal email account hacked, exposing health info of 7,000 Albertans

0822-richmond-road-diagnostics-and-treatment-centre-1.jpg

Alberta Health Services is contacting about 7,000 patients to notify them the security of their personal health information may have been compromised.

AHS said a physician working at Calgary’s Richmond Road Diagnostic and Treatment Centre is notifying thousands of patients after his personal Gmail account, which he used to transmit health information, was hacked.

“This breach is unacceptable and should never have occurred and we are certainly apologizing to our patients whose privacy may have been breached,” said Dr. Ted Braun, AHS vice president and medical director for central and southern Alberta.

“Alberta Health Services has been working with the physician to identify the patients who may have been involved and working with him to develop resources and supports for them.”

He said letters to the affected patients will go out early next week.

Braun said the account was improperly used to convey health details, which include patients’ names, dates of birth, addresses, personal health numbers and limited diagnostic and treatment information. The incident directly contravenes the information security and privacypolicies that prohibit conducting clinical business on behalf of AHS and AHS patients using non-AHS-issued email accounts.

No evidence suggests patients’ personal and health care information has been accessed by the hacker, however, police are currently investigating the matter and AHS is conducting an internal review. Braun said the physician is being co-operative. 

He said the provincial health authority has had breaches in the past but it is the first time, to his knowledge, where there has been criminal activity involving one of their staff or physicians’ personal email accounts.

Current rules for AHS physicians, staff and volunteers state they must use AHS-issued email accounts to communicate personal health information to patients. If clients don’t have an AHS-issued account, protocol says senders must use encrypted email.

By Alanna Smith

https://calgaryherald.com/news/local-news/health-information-of-7000-albertans-potentially-at-risk-after-email-hacking

Leanna Bryant