BCIT warns medical database security breached
Personal and medical information of 12,680 students compromised
BCIT has issued a warning to students and staff after one of its computers servers containing the personal medical records of more than 12,680 students was hacked.
The Vancouver-area post-secondary school says a regular security audit determined an unauthorized third party accessed the server used by the school's Burnaby Student Health Services Medical Clinic.
"To date, it appears the only unauthorized activity that has taken place is the uploading and downloading of movies onto this server," said a statement issued by the school on Thursday.
"At this time, and to the best of our knowledge, there is no indication that any personal information has been improperly accessed or misused; however BCIT is treating the possibility of unauthorized access to personal information very seriously," said the statement.
The student information stored on the server dates from October, 2005 to June 11, 2012 and includes the following personal information that is collected for billing purposes:
- Date of birth.
- Medical Services Plan (MSP) number.
- Personal Health Number (PHN).
- Phone number.
- Treatment billing codes and descriptions.
"If individuals have received a letter from BCIT and have reason to believe their personal information has been compromised or used inappropriately they should check www.bcit.ca/privacy for more information or email email@example.com." said the statement.
The school apologized for the breach and said it is reviewing its security processes and is working with the Office of the Information and Privacy Commissioner for British Columbia to ensure privacy standards are upheld.
BCIT spokesman David Pinton said an analysis also shows that whoever broke into the system may not have been looking for private information, but for private entertainment.
"The name of the game, it looks like, was to get a nice big internet connection and then upload and download movies," Pinton said.
In January a break-in at the University of Victoria resulted in the theft of personal information — including bank account numbers — for more than 11,000 current and former employees at the university.
With files from the CBC's Emily Elias