VICTORIA — Sensitive personal health records, from mental health to sexually transmitted disease histories, are “disturbingly” vulnerable to leaks, according to a new report from B.C.’s privacy watchdog.
Information and privacy commissioner Michael McEvoy says in a report released by his office that security gaps in the public health computer system put it at risk of abuse by bad actors, from cyber criminals to jilted lovers looking for information about an ex.
The report says collecting and storing personal information is vital to the delivery of health care and managing threats like communicable disease outbreaks, but the system’s “entry gate” is weak and the industry standard of multi-factor authentication for access is not universally required.
McEvoy says it’s “troubling” that the Provincial Health Services Authority, which is responsible for managing the system, has known about the risks since at least 2019 and made little progress to address them.
The health authority did not immediately respond to a request for comment.
The report makes seven recommendations to address the system’s privacy and security risks, including encrypting personal information.
“Every British Columbian should be troubled by these findings, because it means personal information in the system is vulnerable to misuse and attack,” the report says.
This report by The Canadian Press was first published Dec. 15, 2022.