An investigation into patient privacy at the hospital and the termination of a former part-time instructor at Algonquin College who disclosed 283 patients' confidential information with students.
The compromised information included patients’ names, dates of birth, their CHEO medical registration number, their surgical procedure, their allergies, gender, age and any other pertinent information related to the surgery they were scheduled to receive at the hospital.
Source: https://ottawasun.com/2017/03/17/cheo-employee-breached-privacy-of-nearly-300-patients
TPRM report: https://scoringcyber.rankiteo.com/company/cheo-ottawa
"id": "che223825722",
"linkid": "cheo-ottawa",
"type": "Data Leak",
"date": "03/2017",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Education',
'name': 'Algonquin College',
'type': 'Educational Institution'}],
'attack_vector': 'Insider Threat',
'data_breach': {'number_of_records_exposed': 283,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal Health Information '
'(PHI)'},
'description': 'An investigation into patient privacy at the hospital and the '
'termination of a former part-time instructor at Algonquin '
"College who disclosed 283 patients' confidential information "
'with students.',
'impact': {'data_compromised': ['Patients’ names',
'Dates of birth',
'CHEO medical registration number',
'Surgical procedure',
'Allergies',
'Gender',
'Age',
'Other pertinent information related to the '
'surgery']},
'threat_actor': 'Former Part-Time Instructor',
'title': 'Patient Privacy Breach at Algonquin College',
'type': 'Data Breach'}