A SooToday.com reader has informed us that he has been the target of unsolicited emails, texts and telemarketing calls, and claims this is the result of a mishap involving the Sault Area Hospital (SAH) website's online job application system.
The reader was notified by SAH in a letter dated October 24, 2013 that an accidental privacy breach led to information contained in online applications to SAH being made available through world wide web Google search results.
Resumes and cover letters submitted through a new database on SAH's website from August 16 to October 2 were accidentally made available to Google because the vendor (the company which designs and hosts SAH's website) did not enable the database security settings.
The situation was explained, and apologized for, in a letter sent from SAH to affected job applicants.
It is estimated by SAH approximately 500 applicants were affected.
Upon discovery of the problem, SAH and its vendor took immediate action and security settings on the SAH website were activated.
Google was notified and the mammoth search engine removed the affected job applications.
SAH Public Affairs Officer Rose Calibani told SooToday.com: "On October 2, we received a phone call from a community member who informed us their resume appeared online."
"We immediately looked into it and rectified it. Literally, within an hour, we had the privacy settings on."
"The vendor didn't enable the privacy settings on the database so they were enabled immediately and Google was notified. It took several hours for Google to remove the applications from their cache," Calibani said.
Calibani emphasized: "This database error has nothing to do with our information technology department at Sault Area Hospital. It totally concerns the vendor."
"We've been working very closely with the vendor and they're well aware of our issues. Those issues have been rectified and the vendor understands the implications of what's happened. Both the Hospital and the vendor have worked closely to rectify the situation, to make sure it doesn't happen again."
Calibani also emphasized: "It's really important for people to understand this in no way, shape or form impacts the integrity of any patient's healthcare information. This is not a healthcare privacy breach, because there seems to be some confusion over that."
Calibani told us two affected job applicants have called SAH to complain about the development.
Regarding anyone who feels they have become the target of unsolicited emails, texts and telemarketing calls as a result of this development, Calibani said: "Certainly this was an error and we understand there could be consequences for people."
"If people have any concerns they can certainly speak to us or take it up with the Privacy Commissioner of Canada."
While Calibani and other SAH staff have declined to name "the vendor" involved, the SAH website indicates it is designed and hosted by SK Group, a Sault Ste. Marie marketing firm.
SK Group President Sherry Berlinghoff told SooToday.com Friday: "We took care of this problem immediately."
"We stayed on it continually…we did not wait for Google to respond, we broke all the links and did everything we were supposed to do."
In regard to any of the affected SAH online job applicants receiving unsolicited emails, texts and telemarketing calls as a result of the security breach, Berlinghoff stated: "I have no knowledge of that. I can't see that being the culprit."
"I don't see a link between the two, and we're still monitoring it," Berlinghoff said.