It has been revealed that Queen Elizabeth Hospital in Charlottetown suffered a data breach after an employee “inappropriately” accessed the medical information of more than 350 patients. Upon discovery, an investigation was launched, which found that the employee accessed 353 records over a three-year period.
A statement from the hospital said:
This individual broke the rules, violating the privacy and confidentiality of Islanders who entrust our health care system and our staff to safeguard their personal health information. That is unacceptable.
It has not been confirmed what specific information was accessed. The employee no longer works for the hospital, and their motive remains unknown as they “chose not to reveal why he or she accessed the records.”
The statement continued:
We do not have any reason to believe that patients’ personal health information has been further disclosed or misused, but we are continuing to investigate.
The hospital has responded very quickly to the incident and has profusely apologized. The investigation is still ongoing.
Although this breach is an example of deliberate misuse of data rather than human error, it shows the importance of effective staff training to ensure that they know how to treat confidential information.
Educate your staff
Information security is critical within the business environment. Enroll your staff on our Information Security Staff Awareness E-Learning Course so that they gain a better understanding of what is expected of them. The course advises staff on how to avoid becoming a security liability, introducing them to your internal policies on incident reporting and responses. Your staff are on the frontline, so give them the awareness training they need.