Security breach found at BCIT campus health clinic
B.C. Institute of Technology have discovered a security breach in which an unauthorized person accessed a computer server containing personal information of patients at the student health clinic on the Burnaby campus.
The breach was found during a recent scheduled security audit by BCIT's information technology services department.
The records on the server date from October, 2005 to June 11, 2012. They include information collected and used for billing purposes at the clinic—name, date of birth, Medical Services Plan (MSP) number, Personal Health Number (PHN), phone number, address and treatment billing codes and descriptions.
"At this time, and to the best of our knowledge, there is no indication that any personal information has been improperly accessed or misused; however BCIT is treating the possibility of unauthorized access to personal information very seriously," said a BCIT press release.
Individuals who may have been affected—12,680 people had data stored on the server—have been sent a letter from BCIT informing them of the breach.
The server was taken offline immediately and its hard drives were removed and analyzed.
"To date, it appears the only unauthorized activity that has taken place is the uploading and downloading of movies onto this server."
BCIT has conducted an investigation and taken steps to mitigate the risk of personal information being compromised. It is also reviewing its physical, technical and administrative information security processes.
Anyone who has received such a letter from BCIT and believes their personal information has been compromised or used inappropriately can visit www.bcit.ca/privacy for more information or email privacy@bcit.ca.
COMMENTS
Let's keep comments:
We ask that all participants own their words by logging in with their Facebook account. It's a simple process that will take seconds and helps keep our comments free of trolls, cranks, and “drive-by” commenters.
We reserve the right to remove comments from anyone using screen names, pseudonyms or false identities. Please see our FAQ if you have questions or concerns about using Facebook to comment.