Database of British Columbians’ personal health information is ‘disturbingly’ vulnerable: privacy watchdog | 24CA News
Millions of extremely delicate private well being data about individuals accessing well being care in British Columbia have been left “disturbingly” weak to leaks after the provincewide well being authority failed to handle safety considerations lately, a brand new report has discovered.
The Office of the Information and Privacy Commissioner for B.C. printed a report Thursday saying the Provincial Health Services Authority (PHSA) has recognized concerning the “troubling” stage of publicity because it audited its personal system in 2019, however hasn’t accomplished sufficient to handle the difficulty.
“There is an enormous volume of sensitive personal information that, if breached, could cause a significant list of harms including embarrassment, loss of dignity, family breakdowns, and even physical harm to individuals if it was accessed improperly,” learn the report from the privateness watchdog.
“One would expect the highest degree of privacy and security would be in place to protect our personal information from such intrusions … But as we learned during our investigation, this is not so.”
Database holds roughly 6 million data
The PHSA works with regional well being authorities to offer care throughout B.C. and oversees specialised hospitals and centres, together with B.C. Children’s Hospital, B.C. Cancer and the B.C. Centre for Disease Control.
It runs a database known as Panorama, which maintains affected person info for six million individuals who have accessed care from well being authorities in B.C. It additionally contains info on sufferers who’ve died or left the province, in addition to some dwelling in Yukon.
The private info contains all method of interactions with the health-care system, from vaccination standing to psychological well being evaluations to a file of sexually transmitted infections, together with HIV. It contains any details about pregnancies, together with their consequence, in addition to drug and alcohol use.
The database additionally holds addresses and different private info for migrant employees within the province.
Security gaps imply the system may be abused by “bad actors,” from cyber criminals to individuals on the lookout for details about an ex.
“It should go without saying that the nature of this personal information is amongst the most sensitive and voluminous data held about us by any public body,” the report stated.
“Every British Columbian should be troubled by these findings, because it means personal information in the system is vulnerable to misuse and attack.”
PHSA upgraded system
In a press release, PHSA stated it upgraded Panorama in July and is working to enhance its audits.
”PHSA takes privacy very seriously and on behalf of patients, clients and families throughout British Columbia, we are continually taking steps to ensure that people’s sensitive and private information is secure and protected,” wrote PHSA president and CEO David Byres.
The report discovered many areas the place the system is weak. One explicit concern was that the system does not have tech in place to detect a possible safety breach whereas it is occurring — solely afterward.
“Neither a malicious attack nor an authorized employee abusing their credentials is likely to be caught in the act,” the report stated.
Roughly 4,000 individuals have entry to Panorama, together with health-care employees and ministry officers doing public well being surveillance to trace unfold of ailments like COVID-19.
There isn’t any multi-factor authentication required to entry the system, the report says. There can be no infrastructure in place to mechanically detect whether or not somebody has accessed the system for inappropriate causes, neither is there a login alert like many customers obtain when somebody logs into their e mail or social media accounts. Personal info throughout the database isn’t adequately encrypted, both.
The privateness commissioner’s report, launched Thursday, adopted an audit final 12 months inspecting PHSA’s cybersecurity threat.
The remaining report by B.C.’s auditor basic discovered hundreds of medical gadgets used to diagnose and deal with individuals lack efficient cybersecurity protections, leaving the authority weak to a cyberattack that “could harm patients and significantly disrupt hospital operations.”
