Current Conditions
2.2 C
Light Rain
Today's Forecast
0 C
Periods of rain or drizzle
Sponsored by Highland Ford

News And Views




Shop Local

More Local

Search The Web

Google Search

Local News

Online security breach at SAH disgruntles many job seekers

Friday, October 25, 2013   by: Darren Taylor

A reader has informed us that he has been the target of unsolicited emails, texts and telemarketing calls, and claims this is the result of a mishap involving the Sault Area Hospital (SAH) website's online job application system.

The reader was notified by SAH in a letter dated October 24, 2013 that an accidental privacy breach led to information contained in online applications to SAH being made available through world wide web Google search results.

Resumes and cover letters submitted through a new database on SAH's website from August 16 to October 2 were accidentally made available to Google because the vendor (the company which designs and hosts SAH's website) did not enable the database security settings.

The situation was explained, and apologized for, in a letter sent from SAH to affected job applicants.

It is estimated by SAH approximately 500 applicants were affected.

Upon discovery of the problem, SAH and its vendor took immediate action and security settings on the SAH website were activated.

Google was notified and the mammoth search engine removed the affected job applications.

SAH Public Affairs Officer Rose Calibani told "On October 2, we received a phone call from a community member who informed us their resume appeared online."

"We immediately looked into it and rectified it. Literally, within an hour, we had the privacy settings on."

"The vendor didn't enable the privacy settings on the database so they were enabled immediately and Google was notified. It took several hours for Google to remove the applications from their cache," Calibani said.

Calibani emphasized: "This database error has nothing to do with our information technology department at Sault Area Hospital.  It totally concerns the vendor."

"We've been working very closely with the vendor and they're well aware of our issues. Those issues have been rectified and the vendor understands the implications of what's happened. Both the Hospital and the vendor have worked closely to rectify the situation, to make sure it doesn't happen again."

Calibani also emphasized: "It's really important for people to understand this in no way, shape or form impacts the integrity of any patient's healthcare information. This is not a healthcare privacy breach, because there seems to be some confusion over that."

Calibani told us two affected job applicants have called SAH to complain about the development.

Regarding anyone who feels they have become the target of unsolicited emails, texts and telemarketing calls as a result of this development, Calibani said: "Certainly this was an error and we understand there could be consequences for people."

"If people have any concerns they can certainly speak to us or take it up with the Privacy Commissioner of Canada."

While Calibani and other SAH staff have declined to name "the vendor" involved, the SAH website indicates it is designed and hosted by SK Group, a Sault Ste. Marie marketing firm.

SK Group President Sherry Berlinghoff told Friday: "We took care of this problem immediately."

"We stayed on it continually…we did not wait for Google to respond, we broke all the links and did everything we were supposed to do."

In regard to any of the affected SAH online job applicants receiving unsolicited emails, texts and telemarketing calls as a result of the security breach, Berlinghoff stated: "I have no knowledge of that. I can't see that being the culprit."

"I don't see a link between the two, and we're still monitoring it," Berlinghoff said.


Note: Comments that appear on the site are not the opinion of If you see an abusive post, please click the link beside the post to report it.
sAUCEY 10/25/2013 4:00:45 PM Report

If this were America there would be some extreme sueing going on .
Gumby54 10/25/2013 4:50:41 PM Report

SK Group gets the Business Development Award which is like an atta boy and then they get an awe $h1t. Sometimes you are the windsheild and sometimes you are the bug.
CRaginskis 10/25/2013 5:16:36 PM Report

This happened to me and I got a letter.
Tag33&1/3rd 10/25/2013 5:17:25 PM Report

Not just emails and telemarketing can happen as a result of this---alot more can happen-- so they shouldn't just brush it off (SAH) -- wouldn't it be common sense to turn the bloody thing on? Wow!
tiared 10/25/2013 5:55:41 PM Report

Sherry Berlinghoff, how can you say that unsolicited emails, unwanted texts, and telemarketers don't affect the people whose cover letters and resumes were sent to the viral world. Are you not seeing the whole picture?, or the ramifications of this error? I believe that legal action should be taken by all the job seekers affected.
R0FL0L 10/25/2013 6:00:34 PM Report

I am surprised that not more people get upset about this privacy breech. The Comment section should be flooded. AND why is it now in the news? Almost 2 month AFTER?? "new database on SAH's website from August 16 to October 2 were accidentally made available to Google because the vendor" Why was the SAH not pro-active and reported this breech to the public immediately with an apology? So they thought they get away with it. Because if the " reader" would not have informed SooToday and Sault Star we still would not have known about it??
Congratulation to SooToday for doing some true journalism and look for the name of the company. Sault Star just took SAH word and wrote"Paluzzi declined to name the company that made the error" Makes you think, what would SAH do if there is a true HealthRecordBreech?? hmmmm
Working Man 10/25/2013 7:17:10 PM Report

I received that letter also. And I didn't get any unsolicited emails or phone calls whatsoever.

Your name and address can be found on google through the white pages. So, basically, almost everybody has the same problem.
northbound1 10/25/2013 7:17:56 PM Report

I hope by "took care of the problem" she means they fired the dumbass.
BlackHelix 10/25/2013 9:34:41 PM Report

FYI, you don't have the expectation of privacy by having a resume accidentally published on the internet. Legal actions, really? That's so absurd it's funny
Sam C 10/25/2013 9:46:38 PM Report

I'm curious to know how these people determined that the "unsolicited emails, texts and telemarketing calls" are the result of this breach?

I receive a fair number of unwanted calls and email, and I have not experienced privacy breach.
JustMe1234567 10/25/2013 9:54:01 PM Report

Rookie mistake?
otterwatcher 10/25/2013 9:56:42 PM Report

I received the letter and am affected by this privacy breach. I googled my name, and there is information on the internet about my education that was not there before, including the dates that I graduated from college. I am not happy. There is no excuse for what has happened. I am a private person, and for me, this is an invasion of my privacy and life.
JustMe1234567 10/25/2013 10:10:20 PM Report

So the Hospital found out on Oct 2 and "fixed it right away"
But the 500 (!) people affected didn't receive a letter until Oct 24th? Why the delay?
I think they could/should have alerted people immediately.
But things go wrong on the internet folks, a lot, get used to it, or get off the grid.

nathansauve 10/25/2013 11:18:52 PM Report

google searches more than just mammoths.
Snobank 10/25/2013 11:32:13 PM Report

I have received unsolicited emails, unwanted texts, and telemarketers. Funny thing is, I don't remember sending a letter to the SAH. Think I had better sue.
sinikka 10/26/2013 7:26:30 AM Report

I am willing to bet that some of the people who complained about their private lives being made public have more information about themselves on facebook than on their resumes. Also I don't believe that suing will accomplish anything . How does one prove that there were damages from the breach. Cmon people, mistakes are made and in this case admitted , so take a chill pill.
jojo12345 10/26/2013 10:02:02 AM Report

really doesn't matter SAH take volunteer all the time so they don't have to pay no one
why they will hire anyone when they can have peoples working for them free
they have over 400 volunteer in there and keep bringing more and more..even if you send a job is available there ..
IB-fine 10/26/2013 10:31:44 AM Report

If Sherry and the SK Group "took care of this problem immediately" why can people Google themselves and still find their information still out there? They not only needed to stop the privacy breech but also delete the information that got onto Google too!
Extreme breech of privacy, for sure I would look into suing both SAH and SK Group!
zeke_1979 10/26/2013 7:43:29 PM Report

@jojo12345, hospitals don't run on volunteers. Maybe you should look at your own lack of skills as a reason why you didn't get a job.
jojo12345 10/29/2013 2:10:18 AM Report

otterwatcher 10/29/2013 9:49:18 AM Report

If the S K Groups contract is not ended by SAH there is truly something wrong.

Will there be any faith in future services? Will patient privacy be next to be breached? How can we trust this?

Has anyone contacted a LAW firm yet to sue? Let me know.
privacy lawyer 5/13/2014 2:25:40 PM Report

I am working on hospital privacy breaches and would be very interested in speaking with the VICTIMS of this breach - 1.855.594.5490.
Note: Comments that appear on the site are not the opinion of If you see an abusive post, please click the link beside the post to report it.
Advertising | Membership | Terms of Service | Privacy Policy | About | Contact Us | Feedback

Copyright ©2014 - All rights reserved