Cybercriminals may have gotten people’s SSNs, addresses, passport numbers, and driver’s license numbers
A cyberattack on three websites run by the Health Employers Association of British Columbia may have given hackers access to the personal information of thousands of people who work or want to work in the public health care sector of B.C.
CEO of the association Michael McMillian said that stolen information could include Social Security numbers, home addresses, passport and driver’s license information, and other personal information.He said that just 240,000 email addresses might have been taken.
The cyberattack was aimed at three websites that hire doctors, nurses, and other health professionals: Health Match B.C., Locums for Rural B.C., and the B.C. Care Aide & Community Health Worker Registry.
B.C. has been doing a lot of recruiting to bring in the health care workers it needs so badly.
McMillian said, “I’m very sorry that this happened, and I want everyone to know that we’re working with cybersecurity and privacy experts to deal with it.”
“We know that not all of the information in the possibly affected databases was taken, but we can’t say for sure which information was taken at this time,” he said.
McMillian says that individual health records have not been affected and that the breach is not related to a ransomware attack.
The attack was discovered on July 13, but McMillian says that the hackers who did it were in the system between May 9 and June 10.
The three affected programs are still running, but because the websites for the public are down, new applicants must contact the program administrators directly to sign up.
“This is not as effective, but these temporary steps will give people who want to work in health care in our province a chance to keep applying and come work here,” said Health Minister Adrian Dix.
HEABC said it didn’t know how much it would cost to deal with and fix the cybercrime as a whole.It said that people who were affected will get free fraud and identity protection services for two years.
McMillian would not say how the hackers got into the system.
“At this point, I can’t say anything about the actual cybersecurity incident. It is still being looked into, and law enforcement is involved,” he said.
The Health Employers Association negotiates on behalf of 200 publicly funded health care employers and 170,000 unionized workers, such as doctors, nurses, health science workers, and paramedics.