An email containing sensitive patient information was accidentally sent to the wrong individual, putting the information of over 1,200 patients at risk.
On June 23, 2020, a health centre staff member with the University of Lethbridge accidentally emailed a non-encrypted spreadsheet with confidential information to a student. The data breach endangered the information of 1,225 patients of the university’s health centre, who include students, staff, and faculty.
CBC News reported that, according to an email statement from the university, the information contained included patients’ full birth names, birth dates, personal health numbers, and even the list of family physicians each patient had seen since 2015.
After the mistake was discovered the next day on June 24, the health centre contacted the student who mistakenly received the email, asking that the spreadsheet with the information be deleted. The student has yet to respond to the request.
“Maintaining the privacy of confidential information is of the utmost importance to the staff of the U of L Health Centre, a responsibility they take very seriously,” the university said in a statement.
“A mistake was made, and, as a result, the health centre’s protocols for handling personal information have been thoroughly reviewed and communication policies and privacy protocols have been reinforced with all staff members.”
Alberta’s privacy commissioner has confirmed that the data breach was reported to the office in July, and that an official investigation is underway.