PharmaNet privacy breached

UPDATE 5:00 P.M. 

About 1,600 British Columbians are being told to keep a close watch on their banking and credit card records following a security breach of their personal information.

The breach involved an unauthorized person using a doctor's PharmaNet account to gain access to names, birth dates, addresses, phone numbers and health numbers, said a government statement issued Friday.

"It looks like someone broke into the PharmaNet accounts of two doctors, and used one to look at personal information," Health Minister Terry Lake said in the statement. "We have stopped the unauthorized access and are now starting to notify those who were affected."

An audit of PharmaNet, the prescription dispensing information system, found the breach occurred between March 9 and June 19.

The statement said banking records were not involved but enough information was accessed to be used for identity theft and that people should keep a close eye on their bank accounts, credit card statements and other financial services.

"I apologize to anyone affected for the worry and inconvenience this may cause," Lake said. "The Ministry of Health is offering free credit protection services to people affected by this incident so they can safeguard their personal information. British Columbians expect the Ministry of Health to safeguard their personal medical information, and as Minister of Health, I take that responsibility very seriously."

Lake said the ministry is sending letters to people hit by the breach, with contact information if they have any concerns.

The ministry and the government's Office of the Chief Information Officer are investigating.

George Heyman, the NDP's citizens services critic, said the government has previously been warned to tighten its security protection measures, especially when it comes to people's health records.

"If one person can get a doctor's number and breach security, presumably other people can do it as well," Heyman said. "That's why the system in place to protect security needs to be tight. So we don't know if this is going to happen again, or, in fact, it may have happened before."

Heyman said former auditor general John Doyle reported in February 2013 that the government's 10-year private health security contract has shown some improvements, but two monitoring tools intended to identify privacy breaches were not implemented as expected.

In January 2013, the Health Ministry sent letters to 38,000 British Columbians affected by a different data privacy breach involving information used by researchers. Seven ministry employees lost their jobs.

In July 2011, former assistant deputy health minister Ron Danderfer was sentenced to two years' probation and fined nearly $4,000 after pleading guilty to breach of trust charges for accepting a benefit while awarding contracts linked to the computerization of health records.

---

ORIGINAL:

As many as 1,600 British Columbia residents are being warned that their privacy has been breached through unauthorized access of the PharmaNet system.

The Health Ministry says an audit of the prescription dispensing information system found that between March 9 and June 19 an unknown, unauthorized person used a doctor's PharmaNet account without that person's knowledge.

The ministry says the breach involved names, birth dates, addresses, phone numbers and personal health numbers.

While the breach didn't include banking information, the ministry says enough information was accessed to be used for identity theft and it's encouraging people to keep a close eye on their bank accounts, credit card statements and other financial services.

People who have been affected are being contacted by letter, which will explain the situation, tell them who to contact with concerns and provide information about free credit protection services.

The ministry and the BC government's Office of the Chief Information Officer are investigating the breach.