What would you do if your company lost sensitive client information that was not properly password protected? Can you afford a $40M lawsuit? Here is an update on the Montfort Hospital security breach. Secure your data – RJR can help.

OTTAWA — A group of patients whose personal information was lost is suing Montfort Hospital in Ottawa for $40 million.

The suit stems from a lost USB memory stick that contained information on 25,000 patients. The stick was lost in November 2012 before it was eventually recovered.

The memory stick contained patient names, a summary of services received, the date of service and a code representing the health care provider on the case. It also included information on 1,255 members of the Canadian Armed Forces.

The plaintiffs are accusing the Montfort of breach of contract, negligence, breach of privacy and violating its own bylaws and the Personal Health Information and Protection Act (PHIPA),

“The contract offered peace of mind to the plaintiffs and the class members,” reads the statement of claim. “(They) believed that their personal information would be kept in a secure manner and would not be lost, disseminated or disclosed to unauthorized persons.”

The suit charges the hospital also failed to ensure the memory device was password protected and that the hospital “failed to disclose the loss of personal information “in a timely manner.”

The Montfort had previously said it had no reason to believe a third party accessed the information in the time it was missing.

The Montfort did not immediately respond to the QMI Agency’s request for comment on the lawsuit. The hospital has not yet filed a statement of defence and none of the allegations have been proven in court.

Article written by: Chris Hofley

Original Article: http://www.torontosun.com/2013/05/10/patients-sue-ottawa-hospital-for-40m-for-lost-information