Skip to content

Questions abound over stolen laptops

There’s a low risk that thieves who took two laptops containing health information will be able to access files, but the incident should serve as a warning to the government, said a spokesman for Alberta’s privacy watchdog.

There’s a low risk that thieves who took two laptops containing health information will be able to access files, but the incident should serve as a warning to the government, said a spokesman for Alberta’s privacy watchdog.

On June 4 thieves broke into the information technology room at the provincial lab at the University of Alberta Hospital in Edmonton. Among the items reported missing were two laptops containing lab reports for communicable and reportable diseases. Some of the reports may have contained information such as patient names and personal health numbers.

“We can’t be sure what data was actually brought down because we have no way to replicate it,” said Bill Trafford, senior vice-president and chief information officer for Alberta Health Services. “There may have been names and health care numbers.”

The laptops are protected by a security program that requires multiple passwords, making unauthorized access to data extremely difficult, Trafford said. There is no indication that this data was specifically targeted or has been accessed.

“You’d need very significant expertise and tools that aren’t available publicly to bypass it,” he said. “With those layers it’s considered to be very, very safe by experts which is why we think there’s very low risk that any of the information could be discovered.”

The security system is about two years old. It’s a form of encryption but not the type that the information and privacy commissioner has been calling for in recent years, Trafford said.

“We have embarked on a program some time ago to move to that level,” he said, noting that only “a few” of the organization’s 7,000 laptops remain to be upgraded. The stolen laptops were among those awaiting an upgrade, he said.

The computers contained between 250,000 and 300,000 records.

Wayne Wood, a spokesman for the Office of the Information and Privacy Commissioner, agreed that the risk of unauthorized access was low and commended the organization for moving towards better encryption.

“I just wish their encryption process had been moving along a little faster,” he said. “We got a warning here and I think we got lucky.”

The standard in data security is to store sensitive information centrally and not on portable computers, said St. Albert MLA Ken Allred.

“I would have thought a lot of that sensitive type of information would be on a master server somewhere and they would only get access to the server,” he said.

That’s an area that the information and privacy commissioner will explore while investigating the theft, Wood said.

“There’s two questions there. Why did this have to be on a laptop? Why did it have to be so much?” Wood said.

Anyone concerned about identity theft can access provincial information at www.servicealberta.ca.

push icon
Be the first to read breaking stories. Enable push notifications on your device. Disable anytime.
No thanks