Health Data Breach Cost: Canada’s Durham Region Health Settles USB Loss For $500,000.

The loss of a USB memory stick with medical information on over 80,000 Canadians is translating to $500,000 in “costs, disbursements, and taxes” for Durham Region Health, according to The Toronto Star.  The use of disk encryption like AlertBoot, a sign that Durham Region has gone an extensive way to secure medical data would probably rendered the lawsuit meritless.

Nurse Loses USB Key

If you’ll recall, Durham Region Health had a data breach back in 2009.  A nurse dropped a USB flashdrive, which was subsequently picked up by some passerby and left on a rock, which was later lifted by another passerby (those security cameras sure come in handy).  The loss of the USB stick triggered a data breach, seeing how the device had patient data such as names, phone numbers, physician names, and whether a patient was vaccinated against bird flu.

Fast-forward 2.5 years, and we’re seeing the possible resolution of a lawsuit.  “Possible” because the judge on the case still has to give his OK, but the two parties duking it out court have already agreed to settle.

The lawsuit was only filed in April 2011, according to, and originally demanded $40 million

Patient Data Worth Four Times as Much as Regular Personal Data?

The settlement puts the price of a patient’s data at $5.99 per person.

As a comparison, Facebook’s 2011 ad revenue is $9.51 in the US and Canada; $4.86 in Europe; $1.79 in Asia; and $1.42 everywhere else.

These are discordant segments of society (medical, with its emphasis on patient privacy, vs. web 2.0 “you have no privacy”), so it’s not an apple to apple comparison, but, it would appear that the settlement’s figures out to be higher: at least $9.51 (it’s one way of measuring the worth of a person’s data) plus some kind of charge as a penalty/punishment for Durham Region.

Related Articles and Sites:–durham-region-health-class-action-lawsuit-puts-price-on-personal-information

Comments (0)

Let us know what you think