FILE - British Columbia Privacy Commissioner Michael McEvoy speaks during a news conference in Ottawa on April 25, 2019. THE CANADIAN PRESS/Adrian Wyld

‘Major breach’ of B.C. health-care data could happen without anyone noticing: report

Vulnerabilities at PHSA have existed uncorrected since 2019, says info and privacy commissioner

British Columbians’ medical information is at an unnecessary risk of being hacked, a new investigation from the Information and Privacy Commissioner has found.

Commissioner Michael McEvoy said the Provincial Health Services Authority (PHSA) is failing to protect residents’ records and has known about security and privacy vulnerabilities within its system since 2019.

B.C.’s health records database, known as the Provincial Public Health Information System, is used to store information from peoples’ mental and physical well-being, to their sexual health and any infectious diseases they may have.

“Our findings were concerning. Because there are no proactive processes in place to monitor for suspicious activity, a major breach of the database could occur today, and no one would know,” McEvoy said.

The investigation identified a number of vulnerabilities that need to be address immediately, including: a lack of proactive auditing for suspicious activity; no ongoing program for managing application vulnerabilities; not encrypting personal information; and, no universal requirement for multi-factor authentication to access the database.

More to come.

Healthcare

