B.C. Health Minister Adrian Dix speaks during an announcement, in Vancouver, B.C., Friday, June 9, 2023. THE CANADIAN PRESS/Darryl Dyck

Cyberattack on B.C. health websites may have taken personal information

240,000 email addresses may have had their personal data compromised

A cyberattack on three websites hosted by the Health Employers Association of British Columbia may have seized personal information associated with 240,000 email addresses.

The illegally breached server hosted three sites managed by HEABC: Health Match BC, the BC Care Aide and Community Health Worker Registry and the Locums for Rural BC program, the association told reporters during a press conference in Vancouver Tuesday (Aug. 1). It’s limited to specific application formers and other information on a server that supports the three sites.

It was on July 13 that the association learned information had been taken from its systems, which could have included personal information. HEABC immediately shut down the affected server and websites, connecting with cybersecurity experts to launch an investigation to determine the scope and nature of the attack.

While not all information from the three sites were taken, the association is unable to conclusively determine which information was taken and “is therefore treating all the information as having been potentially taken.”

CEO Michael McMillan said information obtained could include social insurance numbers, home addresses, passport and licence details and other personal data. It does not impact health records throughout the health-care sector.

“We recognize this may create questions and concerns for individuals. I sincerely regret that this potential breach happened and reassure everyone that we are working with cybersecurity and privacy experts to address the incident, safeguard against any future vulnerabilities, and notify and support individuals whose personal information may have been involved.”

McMillan says they’ll be reaching out to everyone whose information may have been compromised and will offer them two years of monitoring by the credit agency Equifax.

He says investigators cannot “conclusively determine” which information may have been stolen but caution demanded that they assume all information has been compromised.

The Health Employers Association is the bargaining agent for 200 publicly funded health care employers, representing 170,000 unionized workers, including physicians, nurses, health science workers and paramedics.

Additional information and ongoing updates will be available online at heabc.bc.ca.

READ ALSO: Labour experts urge caution ahead of union vote that could end B.C. port dispute

READ ALSO: B.C. student loan websites down for hours after apparent hack

cybersecurityHealth