The records of 7,000 Alberta Health Services patients were compromised after a Calgary physician’s personal Gmail account was hacked.
“Our principal focus right now is working to identify and notify all affected patients,” Dr. Francois Belanger, AHS vice president of quality and chief medical officer, said in a statement.
AHS is also setting up a staffed phone line for further information or assistance.
The unnamed physician, working at the Richmond Road Diagnostic and Treatment Centre, used the personal email account in contravention to the Health Information Act and internal information security and privacy policies.
In a release, AHS said the physician was using the personal email account to transmit health information. That personal email account was subject to “criminal hacking,” the agency said.
AHS said it and the Calgary Police Service are investigating the incident.
AHS’ standing policy is to have both the physician and patient use a secure AHS email server to transmit and receive health-related information.
“Unfortunately, these policies were not followed in this instance, which underscores the need for AHS to do further work to educate physicians and staff about this vitally important practice,” Belanger said.
AHS’ legal and privacy department also advised the Office of the Information and Privacy Commissioner, saying they will work cooperatively with the commissioner for any further investigations.