Privacy & Security
Hacker used doctor’s ID to access records
July 23, 2014
VICTORIA – About 1,600 patients had their private data in the provincial PharmaNet prescription system accessed by an unknown hacker, a British Columbia investigation has revealed.
B.C. health ministry officials say the unauthorized person used a doctor’s account to access the prescription medication database between March 9 and June 19. The doctor was unaware of the breach.
The privacy breach included the names, birth dates, addresses, telephone numbers and health numbers of 1,600 people. About 34 people also had their personal medical history accessed.
The ministry says all those affected will be notified by mail of the breach and will be offered free services to help prevent identity theft and bank fraud.
“While this privacy breach did not include banking information, enough information was accessed to be used for identity theft,” said a statement released by the ministry.
“The ministry encourages affected people keep a close eye on their bank accounts, credit cards, and online identity and services.
“Those affected can contact their local pharmacy to put a keyword on their PharmaNet profile. They can also request, through Health Insurance BC, a Medical Services Plan alert, which prompts health professionals to ask for a second piece of identification when a person uses his or her personal health number (BC Services Card or Care Card number).”
The hacker did not use the system to create fake medical prescriptions, say officials.
It is not the first major privacy breach affecting B.C. residents’ data.
In 2013, the government announced that the personal health data of millions of British Columbians was accessed without proper authorization as part of university research.
In the same year, the personal information of about 16,000 patients of a medical lab in Kamloops went missing when a computer was sent for servicing.
In 2012, an investigation concluded the University of Victoria had failed to protect the private records of thousands of employees stored on a stolen computer memory card.
In 2011, B.C.’s Information and Privacy Commissioner launched an investigation into two incidents involving government medical records that were lost in one case, and found dumped in the trash in the other.