Thousands of B.C. health-care workers’ information exposed in data breach

globalnews.ca:

A major cyber attack in British Columbia may have resulted in the theft of personal information belonging to hundreds of thousands of people working in the province’s health-care sector.

At a briefing Tuesday, health officials revealed the attack targeted three professional service websites hosted by the Health Employers Association of British Columbia (HEABC), which represents 200 public health sector employers and conducts most bargaining with health-care workers.

Attackers were able to access a server hosting the sites and application forms for Health Match BC, the BC Care Aide and Community Health Worker Registry, and the Locums for Rural BC programs.

HEABC president and CEO Michael McMillan said the attack was discovered July 13, and that officials immediately shut the server down and moved data to a clean server with more security.

He said officials have not been able to conclusively determine which information was taken, but that the server hosted about 240,000 email addresses, along with other data.

“The personal information that may have been taken through the attack varies significantly by program and individual but could include personal email addresses, birthdates, social insurance numbers, passport information, driver’s licences, educational credentials, investigative reports and other information relating to individual dealings with the relevant programs,” he said.

“I sincerely regret that this attack happened, and I want to reassure everyone that we are working with cybersecurity and privacy experts to address the incident, safeguard against future attacks, and notify and support individuals whose personal information may have been involved.”

The breach does not affect any patient records or data within