Image: Supplied by Canadian Press / A scathing report released Thursday (Dec. 15) by the B.C. information and privacy commissioner says the Provincial Health Services Authority is putting the confidential health information of B.C. residents at risk by not addressing security and privacy concerns of the public health database.
B.C. public health records

Investigation finds provincial health authority is jeopardizing the confidential health records of B.C. residents

Dec 15, 2022 | 10:12 AM

VICTORIA — A damning report released today by the provincial information and privacy commissioner concludes that the Provincial Health Services Authority (PHSA) has jeopardized the personal information of British Columbians by failing to address security and privacy vulnerabilities in the public health database.

According to a news release issued Thursday morning (Dec. 15), the investigation report released by Michael McEvoy, B.C.’s information and privacy commissioner, says the PHSA has known about the security and privacy vulnerabilities in the system it manages since 2019.

The system, which is managed by the PHSA, holds personal health information, some of it very sensitive, about every British Columbian. It helps front-line health-care workers deliver primary health care and helps public-health officials track the spread of infectious diseases, including COVID-19, the news release pointed out.

The commissioner launched this review following the PHSA’s failure to provide satisfactory answers to questions about the System’s privacy and security protections.

Section 30 of the Freedom of Information and Protection of Privacy Act (FIPPA) requires public bodies to take reasonable measures to protect personal information from security risks, such as unauthorized access.

Investigators examined how the PHSA protects the central database in the System to establish whether the PHSA has the necessary security and privacy measures in place to protect personal information.

Investigators found the system’s vulnerabilities requiring immediate attention include:

* a lack of proactive auditing for suspicious activity;

* no ongoing program for managing application vulnerabilities;

* not encrypting personal information within the database at rest; and

* no universal requirement for multi-factor authentication to access the system.

“Our findings were concerning. Because there are no proactive processes in place to monitor for suspicious activity, a major breach of the database could occur today, and no one would know. It is alarming to me that the PHSA has known about this and other vulnerabilities since 2019 – and has not fixed most of the problems,” McEvoy said.

The report recommends the PHSA take seven actions, including that the PHSA:

* acquire, configure and deploy a privacy-tailored proactive audit system;

* ensure a multi-factor authentication solution, meeting provincial standards, is used to log onto the System;

* encrypt personal information within the database at rest; and

* create appropriate written security architecture that includes full systems design documents and operations manuals for each component of the System.

“The System contains some of our most sensitive health information – matters relating to our mental and sexual health, infectious diseases and more. It is imperative that the PHSA put in place commensurate security measures to protect British Columbians from potential harms,” McEvoy said.