Attempt to Extort Toronto Hospital Using Stolen Patient Data

From Privacy Wiki
Jump to navigation Jump to search
Attempt to Extort Toronto Hospital Using Stolen Patient Data
Short Title Medical Transcriptionist Tries to Extort Hospital Using Stolen Patient Data
Location Canada
Date October 2020

Taxonomy Insecurity, Interrogation
Information Medical and Health, Identifying, Family
Threat Actors A former employee, Toronto hospital

Individuals
Affected Toronto hospital patients
High Risk Groups Medical Patient
Secondary Consequences

A former third-party employee of a Toronto hospital steals patients personal information and tried using it to extort payment from the company.

Description

A former third-party employee has stolen personal information of roughly 150 patients of Toronto-based St. Michael’s Hospital. Allegedly he took them while on duty.

The transcribed clinical notes dictated by St. Michael’s physicians were allegedly used to extort payment from the company. Although the reports included no financial information or insurance numbers, the rogue employee allegedly stole sensitive patient data such as full names, medical and family history, diagnosis, treatment plans and medication.

This can be seen as Insecurity from the side of the hospital. The actions of the rogue employee can be seen as Interrogation.

Breakdown

Threat: Hospital not protecting patients data from being stolen
At-Risk group: Patients
Harm: Insecurity
Secondary Consequences: not known

Threat: Rogue third party employee probing medical records for personal information in order to use it to extort payment from the hospital
At-Risk group: Patients
Harm: Interrogation
Secondary Consequences: not known

Risk Statistics

Laws and Regulations

Sources

https://hotforsecurity.bitdefender.com/blog/former-medical-transcriptionist-accused-of-trying-to-extort-toronto-hospital-using-stolen-patient-data-24291.html