PharmaNet breach compromises personal information of 7,500 B.C. residents, says province
Government says unknown individuals accessed the information at least four times in the last five months
The personal information of approximately 7,500 British Columbians may have been compromised through the provincial government's PharmaNet system, according to the Ministry of Health.
A letter from the ministry was sent last week to B.C residents affected by the breach. The letter says an "unknown/unauthorized person obtained and used a physician's login to access PharmaNet."
PharmaNet is the province-wide network that links all B.C. pharmacies to a central information system.
According to the letter, obtained by CBC News, personal information such as individual names, addresses, dates of births, and Care Card numbers have been viewed.
The government confirmed the accuracy of the letter Wednesday evening, and said an investigation affecting 14 physicians is underway.
They also said that of the approximately 7,500 individuals who had their profiles viewed, 80 also had their medication history over the past 14 months viewed.
"The Ministry of Health has begun to send letters to all patients and doctors affected by the breach, notifying them of the incident and advising them of precautionary steps they can take to protect themselves from identify theft," wrote the ministry in a statement.
"Health Ministry staff are also working with the affected physicians and their offices and Pharmanet system vendors to identify security measures that should be put in place to provide increased protection, such as regularly changing passwords and using a secure internet provider."
There are four individual incidents, all of which have taken place since the fall of 2016, being investigated by the Ministry of Health and the Corporate Information and Records Management Office of the Ministry of Finance.
The ministry said it did not know how the breach occurred.
Not the first PharmaNet breach
This isn't the first time PharmaNet files have been breached unknowingly. Between March 9 and June 19 2014, about 1,600 patients had their private data in the prescription system accessed by an unknown hacker.
- B.C. PharmaNet hit by hacker, 1,600 accounts breached
- 'Serious deficencies' blamed for 3 B.C. health data breaches
- Less than half of B.C. doctors thoroughly check patients' prescription history, says researcher
In that case, ministry officials said the unauthorized person used a doctor's account, of which the doctor wasn't aware.
The repeated breaches alarmed one Opposition MLA, who accused the government of failing to protect the privacy of British Columbians.
"It always concerns me when I see a breach, but what concerns me more is when I see repeated examples of the same sorts of breaches and the same sorts of problems and repeated assurances that they'll never happen again," said MLA Doug Routley, NDP critic for Freedom on Information and Privacy Protection.
"Government must protect your personal information, they're failing to do that."
'Starting point' for identify theft, says ministry
The ministry of health letter to patients, dated Feb. 6, 2017, states there is "no other private information, such as banking, attached to your record," but says "the information gathered could possibly be used as a starting point for identity theft."
"We encourage you to take precautions to safeguard your other personal information," it says and suggests those affected may want to seek out the services of a credit monitoring company.
The Ministry of Health says it has begun sending letters to all patients and doctors affected by the breach, and is working with affected physicians to identify security measures that should be put in place to provide more protection.
In addition, various medical groups have been notified including Doctors of BC, the College of Physicians and Surgeons BC, the Canadian Medical Association and the Office of the Information and Privacy Commissioner.
"Government and all of our agencies take the protection of personal information of patients very seriously," the ministry wrote.
"We're doing everything we can to identify the source of the problem and make the necessary improvements to ensure that breaches like this do not occur in the future."
With files from Justin McElroy and Richard Zussman