Skip to main content

Private medical records not properly protected in British Columbia, privacy watchdog warns


The Office of the Information and Privacy Commissioner is warning that the system that stores the private medical information of British Columbians could be easily hacked.

The system is run by the Provincial Health Services Authority and keeps track of medical records such as immunizations, pregnancies and sexually transmitted infections.

It’s meant to be used by health-care professionals for better coordinated care, but after a months-long investigation, privacy commissioner Michael McEvoy found that information isn’t properly protected and there aren’t proactive measures in place to prevent suspicious activity.

“It’s absolutely concerning. Attacks against health data are very common,” said Brett Callow, a threat analyst for anti-virus software company Emsisoft.

“It’s something we see day in, day out. Hundreds of organizations have lost data. And when that data does get lost, it’s obviously bad for the patients, and it’s bad for the organization,” he said.

According to the report, the security and privacy vulnerabilities have been known to the PHSA since 2019.

“What we know now and the changes that we need to make are going to have to be a constant process of improvement because those who seek to undermine the privacy of the people, who are obviously up to no good, they’re going to get better and we have to get better,” said B.C. Health Minister Adrian Dix.

The report highlights several vulnerabilities that require immediate attention, including “a lack of proactive auditing for suspicious activity, no ongoing program for managing application vulnerabilities, not encrypting personal information within the database at rest and no universal requirement for multi-factor authentication to access the system.”

It recommends the PHSA take seven actions, including a proactive audit system, multi-factor authentication and encrypting data.

In a statement, the PHSA said it is working continuously to enhance its security and protect private information and will review the report.

“PHSA takes privacy very seriously and on behalf of patients, clients and families throughout British Columbia, we are continually taking steps to ensure that people’s sensitive and private information is secure and protected,” said PHSA president and CEO David Byres. Top Stories

Who is Usha Vance, the wife of Trump's running mate?

JD Vance has had several introductions to the American people: as the author of a memoir on what ails the White working class, as a newly elected Republican senator in his home state of Ohio and, on Monday, as his party’s nominee for vice president. His wife, Usha, has been by his side through it all.

Stay Connected