Cyberattack on B.C. health employer websites may have taken personal information - Action News
Home WebMail Wednesday, November 13, 2024, 02:24 AM | Calgary | -2.2°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
British Columbia

Cyberattack on B.C. health employer websites may have taken personal information

Cyberattacktargeted three websites recruiting health professionals to B.C.: Health Match B.C., Locums for Rural B.C. and the B.C. Care Aide & Community Health Worker Registry.

Cybercriminals may have taken social insurance numbers, addresses, passport and driver's licence details

Hands are seen typing on a keyboard
The cyberattacktargeted three websites: Health Match B.C., Locums for Rural B.C. and the B.C. Care Aid & Community Health Worker Registry. (Jonathan Hayward/Canadian Press)

A cyberattack on three websites hosted by the HealthEmployers Association of British Columbia may have seized the personalinformation of thousands of people working or applying to work in B.C.'s public health care sector.

Michael McMillian, CEO of the association, said stolen information could include social insurance numbers, home addresses, passport and driver's licence details, along with other personal information.He said 240,000 email addresses alone were possibly taken.

The cyberattacktargeted three websitesrecruiting physicians, nurses and other health professionals: Health Match B.C., Locums for Rural B.C. and the B.C. Care Aide & Community Health Worker Registry.

B.C. has been on a major recruitment drive to attract desperately needed health-care workers to the province.

One of the compromised sites was used to recruit physicians, registered nurses and other health professionals on behalf of health employers. The others helped with vacation coverage for rural doctors and registered care aides working in places including long-term care facilities.

"I sincerely regret this event happened and I want to reassure everyone that we are working with cybersecurity and privacy experts to address the incident," said McMillian.

"We know that not all of the information in the potentially affected databases was taken, however, at this time we are not able to conclusively determine which information was involved," he said.

Individual health records have not been affected and the breach isnot associated with aransomware attack, according to McMillian.For now, anyone wanting to register for the programs won't be able to do so online but can contact the programs directly, he added.

In the aftermath of the cyberatttack, a message on the BCHEA website says the affected websites are down for maintenance.
In the aftermath of the cyberatttack, a message on the BCHEA website says the affected websites are down for maintenance. (BCHEA)

The CEOsaid the association will reach out to everyone whose information may have been compromised over the next few days to offer them two years of monitoring by the credit agency Equifax.

The attack was detected on July 13, although McMillian says the hackers responsible were found to have been in the system between the dates of May 9 to June 10.

A bald white man looks at the camera with a white background behind him.
Michael McMillan, President and CEO of the Health Employers Association of British Columbia, said the perpetrators behind the attack have not yet been in touch. (Ethan Cairns/CBC)

The three programs affected continueto operate but with the public-facing websites down, new applicants must contact administrators directly to register.

"This is not as efficient, but these temporary measures will enable potential health-care workers the opportunity to continue to apply and come work in our province," said Health Minister Adrian Dix.

HEABCsaid it didn't knowwhat the total costs will be to address and remedy the cybercrime.It saidaffected individuals will be offered free fraud andidentity protection services for two years.

McMillian declined to divulge how hackers gained access to the system.He said the organization has not yet been contacted by the perpetrators.

A bald white man is pictured in the background, with another white man's silhouette visible in the foreground.
Health Minister Adrian Dix said he hopes the hack does not slow the province's recruitment efforts, with HEABC CEO Michael McMillan adding that the agency would provide two years of credit monitoring for those affected. (Ethan Cairns/CBC)

"I can't reveal any details of the actual cybersecurity incident at this point. It is still an active investigation, including law enforcement," he said.

McMillian said police, the Office of the Information and Privacy Commissioner for B.C., the Health Ministry and the Canadian Centre for Cybersecurity have been informed of the breach.

He said the potentially compromised information has all been transferred to a "clean server" with extra security.Dix said all existing users of the programs have access to their accounts through temporary websites set up on the clean server.

The Health Employers Association is the bargaining agent for 200publicly funded health-care employers, representing 170,000unionized workers including physicians, nurses, healthscience workers and paramedics.

With files from The Canadian Press's Ashley Joannou