Keyboard Commando – Unauthorized AHS record access shows there’s no foolproof privacy

Mac Olsen

Several recent high-profile incidents of information breaches should make you hyper-vigilent in protecting your privacy.

Not that there is any absolutely full-proof way to protect your privacy, but if your private information falls into the wrong hands, then there can be dire consequences, of course.

In the Sept. 26 edition of the Edmonton Journal, it was announced that a former employee at Alberta Hospital Edmonton “inappropriately accessed the records of more than 1,300 patients.”

“In terms of a unique individual inappropriately accessing health records, it is not within the scope of something we have seen before,” said Dr. Francois Belanger, the interim vice-president of quality and chief medical officer.

The Journal report also says that the violations occurred over 11 years from January 2004 to July 2015. It only stopped when the AHS received a tip from the employee’s co-worker.

However, as a precaution, AHS is sending out letters to the 1,309 patients, plus 11,539 others whose basic demographic information – such as name, date of birth, address and health number – was exposed to the employee.

The Office of the Information and Privacy Commissioner has been investigating the matter. If it is determined that the former employee at Alberta Hosptial Edmonton violated patient privacy and accessed the records illegally, then criminal charges are appropriate.

When someone is put in such a position with access to sensitive and private information, and they breach the trust that they are obligated to uphold, then they should be prosecuted and convicted, and even imprisoned.

Of course, it’s not only government records and access protocols that we have to be concerned about. Breaches occur with private companies as well.

Most recently, Yahoo admitted to a password breach. The potential fallout includes “credential stuffing,” according to a report in the Globe and Mail on Sept. 27.

It works “by throwing leaked username and password combinations at a series of websites in an effort to break in, a bit like a thief finding a ring of keys in an apartment lobby and trying them, one after another, in every door in the building.”

Software makes the trial-and-error process practically instantaneous, the report adds.

Now, the company is recommending that customers reset their passwords.

But, for many customers, that may be too late. Their accounts could have been hacked and the information taken by a malevolent cybercriminal. The only thing they can do is erase their accounts and start over – and contain and repair the damage to their privacy as a result of the breach.

What it comes down to are two things. First, we have to always keep in mind that someone, somehow, will find a way to access your information for criminal purposes.

Second, always use the latest in anti-virus software and data encryption techniques to reduce the chance of a privacy breach.

Share this post