Privacy Incident at St. Mary’s Involving Misplaced USB Stick

March 28th, 2019

St. Mary’s General Hospital has experienced a privacy incident due to a misplaced USB device that has led to improvements in the hospital’s privacy practices. The USB device contained de-identified postal codes, ages, genders and generalized details of surgical procedures for patients of the Day Surgery Unit and Catheterization Lab during the time period of April 1, 2017 to March 31, 2018. The device did not contain identifiable information such as names, addresses or phone numbers. St. Mary’s has no indication that the data has been accessed or that any patient’s privacy has been compromised and provides this notice out of an abundance of caution.

The USB stick had been temporarily provided to a third party as part of contracted project work at St. Mary’s. The USB device was misplaced during that work. Despite extensive efforts the device has not been located and is considered lost.

The incident has been reported to the Information and Privacy Commissioner of Ontario and St. Mary’s is working closely with the IPC to improve the hospital’s systems going forward and ensure patient privacy is protected. Measures were taken immediately to adjust the project work so that no further patient data can be misplaced.

Protecting patient privacy is a priority at St. Mary’s. We regret this incident and sincerely apologizes to all affected patients.

If any affected patients have questions or concerns, please call 1- 877-253-3662.