Eastern Health has experienced a breach of privacy this week. A USB flash drive was discovered missing, and it contains a spreadsheet listing the names names, employee numbers, and social insurance numbers of about 3,300 employees.
“On behalf of Eastern Health, I want to publicly apologize to our employees whose personal information was on the missing flash drive,” says David Diamond, President and CEO of Eastern Health. “We take all breaches of privacy very seriously and are committed to exploring ways to further strengthen our privacy practices surrounding safe security measures and the storage of information on portable devices.”
An internal investigation has been conducted, but the missing flash drive has not yet been found. The Office of the Information and Privacy Commissioner has also been notified and has begun a formal investigation. So far, there is no evidence to suggest that the information on the USB drive has been used for fraudulent purposes.
Employees who names were on the flash drive are currently being advised. As a precautionary measure, Eastern Health is providing employees with some information they can use to help protect themselves against identify theft. Eastern Health also plans to upgrade its anti-virus platform so that USB drives will be automatically encrypted before use. This measure would force non-encrypted sticks to go through an encryption process before they could be used on Eastern Health computers.