Personal health information of 2,690 people inappropriately accessed by former employee
Nova Scotia Health has fired one of its workers for inappropriately accessing the personal health information of over 2,000 patients at one hospital.
The worker accessed the data of 2,690 people at St. Martha’s Regional Hospital.
Nova Scotia Health employees and physicians are supposed to only access information that is required for them to perform their duties, according to the organization.
Access to records is monitored and audited, and the health services provider says it is continually working “to enhance and strengthen protections and surveillance of access to records”.
“While we maintain confidence in the ethical practices of employees throughout our organization, we are extremely disappointed that an employee of Nova Scotia Health would engage in activity of this nature,” it said in a release.
“Nova Scotia Health will not tolerate any unauthorized access or snooping. Any suspicion of inappropriate access will be fully investigated and we will pursue the full force of any and all penalties available to us against offenders without hesitation, including fines and jail time where possible.”
The health provider said it is reaching out by letter to those affected by the data breach.
In January, the Toronto Public Library (TPL) announced it is nearing full recovery from a cyberattack that took place last year.
How can we control cybersecurity?
Nova Scotia Health said it has notified the Office of the Information and Privacy Commissioner for Nova Scotia and that it will work with the office on any recommendations they may offer as a result of these breaches.
The health services provider claims it takes several steps to ensure all employees understand appropriate access and their obligation to keep patient information confidential, as well as to monitor access and identify inappropriate activity. These steps include:
- Criminal record checks.
- Standard orientation for all new staff, including privacy training and compliance with Nova Scotia Health policies and procedures.
- Ongoing education for managers and front-line staff.
- Privacy and confidentiality training with the requirement for all Nova Scotia Health employees to complete and submit a signed pledge of confidentiality.
- Data Access Controls – only those requiring access to perform their job are granted access.
- Continuous monitoring to detect unauthorized access attempts or suspicious activity.
Nova Scotia Health also said it will continue to “seek out the ever more advanced technology to prevent breaches”.
There are several ways that healthcare organizations can defend themselves against data breaches, according to Edward Kost, cybersecurity writer at UpGuard.
“When used symbiotically, risk assessments and security ratings streamline the effort of mitigating third-party breaches,” said Kost. “Security rating drops indicated potential new vendor risk exposures requiring further investigation with risk assessments, with the remediation efforts of all identified threats tracked in real-time through the security rating’s improvement.”
Just about half (56 per cent) of Canadian CEOs believe their companies are prepared for a cyberattack today, and 93 per cent are worried that the emergence of generative artificial intelligence (AI) will make them even more vulnerable to breaches, according to a previous survey.