
EDITORIAL: An unhealthy lack of respect for privacy

The premise sounds hard to believe.

Records for everyone with a health card in the NWT were being carried around in a laptop by a GNWT employee while attending a conference in Ottawa. The laptop was stolen. We don't know how.

But since the 33,661 unique medical records weren't encrypted, they could be easily accessible to anyone who might end up with that laptop.

Maybe the computer wasn't stolen by some criminal mastermind involved in an international medical information ring. More than likely, the thing was exchanged in some alley for drugs and the people who received it have no idea what's in those folders.

But that's impossible to know. Someone could discover the treasure trove of personal data and decide to peddle it on the black market, to a sophisticated criminal who creates false identities or who might want to blackmail high-profile patients who wouldn't want some extremely personal information about their health made public.

The unencrypted medical records of everyone with a health card in the NWT were on a laptop carried by a government employee at a conference in Ottawa. Guess what? The laptop was stolen, resulting in a mass privacy breach. Metro Creative image

The bottom line is, the health department really screwed up. And it's not the first time this area of the GNWT has been unable to protect patients' privacy.

In 2016 the Beaufort Delta Health and Social Services Authority confirmed 67 patients had been notified their information was compromised. That followed another massive breach in 2014 when a physician lost a USB drive at Stanton Territorial Hospital containing personal information for 4,000 patients.

After the breach in 2016 the department was supposed to give all staff privacy training. To date, 30 to 50 per cent of employees have undertaken the new training. That's unacceptable. Why haven't all employees been trained? How long is something like that supposed to take?

Said the deputy minister Bruce Cooper: "This issue is not about training. This is a theft of a device that we thought was encrypted and turned out wasn't so it's reasonable for our department to believe that we were following best practice in protecting privacy."

So in the end, if "best practice" is to take the territory's entire data bank on patients on a trip in an unsecured laptop to Ottawa, we wonder how beneficial training the health department employees to that sorry standard is in the first place.

There is an entire wing of the health department dedicated to privacy. Several highly paid personnel go to work each day tasked with keeping health information secure.

This incredible gaffe requires an investigation and detailed public explanation. Health Minister Glen Abernethy needs to demand better of his department. A person's personal medical information is something that we trust the government won't handle recklessly.

But the sheer insanity of having every medical record from the entire territory in one laptop is stupefying to even the most casual observer.

Why would all that information be needed by someone at a conference? Couldn't that data be accessed remotely through a secure server?

This is such a boondoggle it begs the question: what other areas of the health department are failing?

This incident has deeply damaged the department's reputation as a protector of patient privacy. The remedy will require much more than lip service if the GNWT hopes to restore public confidence.