Hundreds of thousands of B.C. health care workers private information stolen during a cyber attack earlier this month.
HEABC president and CEO Michael McMilla said the server was shut down immediately after the attack was discovered on July 13, 2023 and had the data moved to a clean server not involved in the incident.
The server that was breached hosted websites for Health Match BC (HMBC), the BC Care Aide and Community Health Worker Registry and the Locums for Rural BC program.
The news release said officials have yet to determine exactly which information was taken, the server is rich with data, approximately 240,000 email addresses along side other personal private information.
“The personal information that may have been taken through the attack varies significantly by program and individual but could include personal email addresses, birthdates, social insurance numbers, passport information, driver’s licences, educational credentials, investigative reports and other information relating to individual dealings with the relevant programs,” he said.
“I sincerely regret that this attack happened, and I want to reassure everyone that we are working with cybersecurity and privacy experts to address the incident, safeguard against future attacks, and notify and support individuals whose personal information may have been involved.”
The breach does not affect any patient records or data within the provincial government’s health-care network, Health Minister Adrian Dix said.
“I want to be clear that there are no successful breaches on the bc government data systems, no patient information and no information in government systems have been compromised,” Dix said.
“The ministry and health authorities have security measures to protect our systems against attacks and are committed to strong privacy and security control. we’re continuously assessing health sector applications and infrastructure for vulnerabilities to cybersecurity threats.”
McMilla said it’s currently unknown what the attackers had access to so its being treated as if all information was potentially taken.
McMillan stated that the HEABC contacted British Columbia’s information and privacy commissioner, the Canadian Centre for Cyber Security, and law enforcement about the data breach and initiated its own investigation with the assistance of third-party cybersecurity expert.
HEABC is currently contacting the individuals potential affected by the breach and offering two years of credit monitoring and identity protection services with Equifax.
Public facing websites currently remain down but anyone with a registered account can still log in and view its contents. New users can access Health Match BC and Locums for Rural BC job boards by contacting the individual programs to set up an account
