Hey there, time traveller!
This article was published 27/5/2017 (1336 days ago), so information in it may no longer be current.
Personal and medical information of more than 1,000 Prairie Mountain Health patients are at risk after an internal website was hacked.
The regional health authority, in a statement Friday, said they do not believe the intent of the hack was to access personal information, but conceded they cannot exclude the possibility that identifiable personal details were viewed or copied.
The security breach may have jeopardized the personal details of as many as 1,176 clients in the "northern portion of PMH" and 453 PMH and affiliate employees, though the "likelihood is low" that personal information was compromised, the health authority stated
The hack was identified on April 5 this year, and each person affected has received written notification of the security breach, PMH said.
"Anytime there has been a compromise of personal or personal health information, we remain concerned," PMH CEO Penny Gilson said in a statement. "However, we carried out our best efforts to notify impacted individuals as soon as reasonably possible so that any necessary precautions could be taken."
The content of the letter, received by The Brandon Sun, stated the personal health information stored on the website included patient care reports for ambulance transports from 2013 to the present year.
Details like name, date of birth, personal health identification number, address and phone numbers were enclosed, the letter stated, as well as specifics about the emergency visit like the individual’s health condition and treatment they received.
PMH believes the hack was intended to transmit a virus into files maintained within the website.
"The information at risk was not stored in a way that would be easily extracted for further use by the attacker," Gilson explained, referencing that an entire database was not compromised. "It was limited to select files only and would have required going through each individual file and transposing, in the case of client information, handwritten information."
A source at PMH, who did not want their name disclosed for risk of discipline for speaking, understood that fellow staff did not consider the hack a malicious attempt at stealing data.
"They left a few faces, just to show they accessed it," the employee said, referring to the hacker allegedly leaving behind emojis as evidence.
PMH has taken containment and prevention actions as a result of the hack, the health authority said.
Laurie Thompson, executive director for the Manitoba Institute for Patient Safety, said any breach to a person’s personal health information is troublesome.
Referring to the Personal Health Information Act, she said the legislation ensures the privacy of such sensitive information is respected and that "any breach of that is obviously a concern."
» Twitter: @ianfroese