Two computers stolen from Ottawa medical centre
Published Tuesday, January 25, 2011 5:52PM EST
The Bruyere Family Medical Centre in Ottawa is warning patients that two computers used for storing personal information were stolen in October, and as a result patients should keep an eye on their credit rating.
The centre says there is a high probability that password-protected data for about 60,000 patients who used the clinic over the last 35 years was stored on the hard drives of those computers.
That data includes patient names, their date of birth, address, health card number and telephone number. The information was collected from 1971 to 2006.
Of the 60,000 patients who potentially had their personal information stored on the computers, only 7,000 still use the clinic. No medical information was stored on the computers.
Although the computers were stolen from the ground level of the family medical centre in October, the clinic says it only recently determined that patient data could be accessed from those computers.
The centre also says there is no evidence that any of the information has been accessed or used inappropriately.
"We're extremely concerned and regret that this happened, and have taken swift and immediate action to further enhance our electronic security measures," Jean Bartkowiak, President and CEO of Bruyère Continuing Care, said in a news release.
"Times have changed; it's an electronic age, and we all need to be reminded how to best protect our personal health information."
The theft has been reported to the Ottawa police and Ontario's privacy commissioner.
Police say they believe the crime was the result of petty theft, and they don't believe the computers were stolen to access patient information.
Meanwhile, the privacy commissioner advises all large organizations that store sensitive information, in particular health information, to encrypt that data in order to give it an extra layer of security.
The privacy office has been advised that the files on the stolen computers were only password-protected.
Although encryption certainly can make a difference, it is only required if a hospital stores information that is accessible via the Internet.
If the data is kept within a hospital, then passwords are considered to be enough protection.
The medical centre says it has since implemented new security measures that encrypts information stored on computers in the clinic, as well as off-site storage data.
They have also installed better building security to make it more difficult for thieves to break-in.
As a precaution, the centre is asking any patients who suspect misuse of their personal information to obtain a copy of their credit report from a credit reporting bureau, such as Equifax (1-800-465-7166 or www.equifax.ca) or TransUnion (1-800-663-9980 or www.tuc.ca).
Patients can also access more information by visiting the Bruyere website (www.bruyère.org) or calling 613-562-6003.