A cyberattack on three websites hosted by the British Columbia Health Employers Association may have seized the personal information of thousands of people working or applying for jobs in the BC public health care sector,
Michael McMillian, the association’s chief executive, said the stolen information could include social security numbers, home addresses, passport and driver’s license details, along with other personal information. He said possibly 240,000 email addresses were taken.
The cyberattack targeted three websites that recruit doctors, nurses, and other health professionals: Health Match BC, Locums for Rural BC, and BC Care Aide & Community Health Worker Registry.
BC has been on a major recruitment drive to attract desperately needed healthcare workers in the province.
“I sincerely regret that this event occurred and I want to assure everyone that we are working with cybersecurity and privacy experts to address the incident,” McMillian said.
“We know that not all of the information in the potentially affected databases was taken, however at this time we cannot conclusively determine what information was involved,” he said.
Individual health records have not been affected and the breach is not associated with a ransomware attack, according to McMillian.
The attack was detected on July 13, though McMillian says the hackers responsible were found to have been on the system between the dates of May 9 and June 10.
All three affected programs continue to operate, but with the websites open to the public down, new applicants must contact the administrators directly to register.
“This is not as efficient, but these temporary measures will allow potential healthcare workers the opportunity to continue applying and coming to work in our province,” Health Minister Adrian Dix said.
HEABC said it did not know what the total costs will be to address and remediate cybercrime. He said affected people will be offered free fraud and identity protection services for two years.
McMillian declined to divulge how the hackers gained access to the system.
“I cannot disclose any details of the actual cyber security incident at this time. It is still an active investigation, including law enforcement,” he said.
The Health Employers Association is the bargaining agent for 200 publicly funded health care employers, representing 170,000 unionized workers, including doctors, nurses, health science workers and paramedics.