A computer server housing personal medical data on nearly 13,000 students and staff at Canada’s British Columbia Institute of Technology (BCIT) was breached.
How many victims? More than 12,680 students and staff.
What type of personal information? Names, dates of birth, Medical Services Plan (MSP) numbers, Personal Health Numbers (PHN), phone numbers, addresses, treatment billing codes and descriptions.
What happened? A routine security audit revealed that an unauthorized third party accessed a server used by Vancouver area-BCIT’s Burnaby Student Health Services Medical Clinic to upload and download movies. According to a statement from the school, the records stored on this server contained student information for those who visited the clinic from October 2005 to June 11.
What was the response? BCIT President Don Wright sent an apology and alert to those whose information may have been compromised, and suggested they visit www.bcit.ca/privacy for more information. He said steps are being taken to mitigate further incursions. In addition, his office is working with the Office of the Information and Privacy Commissioner for British Columbia.
Quote: “At this time, and to the best of our knowledge, there is no indication that any personal information has been improperly accessed or misused; however BCIT is treating the possibility of unauthorized access to personal information very seriously.” – BCIT President Don Wright
Source: CBCNews, “BCIT warns medical database security breached,” July 5, 2012.