Canadian government exposes health data

Canadian government exposes health data


Officials claim no criminal activity suspected

Officials in Canada are investigating a data breach that exposed the medical histories of an unknown number of patients.

The Government of Newfoundland and Labrador said that an anonymous security researcher claimed last week that he had been able to remotely access the medical histories of patients in the area.

Government officials said that the data was being housed on a government computer located at the home of a consultant.

The consultant had taken the desktop system in order to work from home, but had exposed the data through an unprotected internet connection which was then accessed by the researcher.

Information stored on the machine included patients' Medical Care Plan numbers, age and gender, physician's name and test results for diseases such as HIV and hepatitis.

The number of individuals exposed in the breach has not been disclosed, but a news report on CBC claims that no criminal activity has been found in connection with the leak. An outside firm has reportedly been hired to continue the investigation.

Security experts are already criticising the breach. UK encryption firm Cyber-Ark said that the incident was symptomatic of lax security policies in governments worldwide, citing last week's data loss at UK HM Revenue & Customs.

"Now that the Canadians have admitted to this dreadful breach of private information, that lack of security in the public sector is clearly endemic right across the globe," said Cyber-Ark director Calum Macleod.

"I dread to think about all the other cases that we never get to hear about."