Advertisement

Thousands of B.C. health-care workers’ information exposed in data breach

Click to play video: 'Cyber attack targets personal information of B.C. health-care workers'
Cyber attack targets personal information of B.C. health-care workers
WATCH: The personal information of hundreds of thousands of B.C. health-care workers may have been compromised in a major cyber attack. Richard Zussman reports – Aug 1, 2023

A major cyber attack in British Columbia may have resulted in the theft of personal information belonging to hundreds of thousands of people working in the province’s health-care sector.

At a briefing Tuesday, health officials revealed the attack targeted three professional service websites hosted by the Health Employers Association of British Columbia (HEABC), which represents 200 public health sector employers and conducts most bargaining with health-care workers.

Click to play video: 'Personal information of B.C. health-care workers potentially stolen in cyber attack'
Personal information of B.C. health-care workers potentially stolen in cyber attack

Attackers were able to access a server hosting the sites and application forms for Health Match BC, the BC Care Aide and Community Health Worker Registry, and the Locums for Rural BC programs.

Story continues below advertisement

HEABC president and CEO Michael McMillan said the attack was discovered July 13, and that officials immediately shut the server down and moved data to a clean server with more security.

He said officials have not been able to conclusively determine which information was taken, but that the server hosted about 240,000 email addresses, along with other data.

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.

Get daily National news

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.
By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

“The personal information that may have been taken through the attack varies significantly by program and individual but could include personal email addresses, birthdates, social insurance numbers, passport information, driver’s licences, educational credentials, investigative reports and other information relating to individual dealings with the relevant programs,” he said.

“I sincerely regret that this attack happened, and I want to reassure everyone that we are working with cybersecurity and privacy experts to address the incident, safeguard against future attacks, and notify and support individuals whose personal information may have been involved.”

Click to play video: 'Privacy Commissioners: LifeLabs failed to protect customer data'
Privacy Commissioners: LifeLabs failed to protect customer data

The breach does not affect any patient records or data within the provincial government’s health-care network, Health Minister Adrian Dix said.

Story continues below advertisement

“I want to be clear that there are no successful breaches on the bc government data systems, no patient information and no information in government systems have been compromised,” Dix said.

“The ministry and health authorities have security measures to protect our systems against attacks and are committed to strong privacy and security control. we’re continuously assessing health sector applications and infrastructure for vulnerabilities to cybersecurity threats.”

Dix acknowledged that the attack “will cause considerable concern among the individuals who may have been affected,” but added that the HEABC had acted swiftly to secure data once it learned of the attack.

McMillan said the HEABC had notified B.C.’s information and privacy commissioner, the Canadian Centre for Cyber Security and law enforcement about the breach and launched its own investigation with the help of third-party cybersecurity experts.

While it is not yet clear exactly how many people whose information was on the system was affected, McMillan said out of an abundance of caution the HEABC was acting as if all of it had been accessed.

Click to play video: 'Personal data possibly compromised after privacy breach'
Personal data possibly compromised after privacy breach

The HEABC is in the process of notifying all potentially affected people and will be offering two years of service with Equifax, an international credit monitoring and identity protection firm.

Story continues below advertisement

In the meantime, the affected programs continue to operate, though their public-facing websites are down.

Health-care workers can still sign up for the programs by contacting them directly to register.

Dix said the province was working to ensure the breach did not significantly slow down B.C.’s efforts to recruit new health-care workers.

Sponsored content

AdChoices