Cyber Incident Victim: PharmaNet
Date:
Mar 2014
Location:
Canada
Summary
An unauthorized individual accessed British Columbia's PharmaNet prescription system by compromising a physician's account, exposing personal and medical information of approximately 1,600 patients. The breached data included names, birth dates, addresses, telephone numbers, health numbers, and medical histories for a subset of individuals, creating potential identity theft risks despite no banking details being compromised. Affected parties were notified and offered protective services including fraud monitoring and pharmacy profile alerts, while officials confirmed no fraudulent prescriptions were generated through the intrusion. This incident followed multiple prior breaches involving provincial health data systems over preceding years.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In July 2014, British Columbia's Ministry of Health disclosed a cybersecurity breach affecting the provincial PharmaNet prescription database. An investigation revealed that an unidentified hacker gained unauthorized access to approximately 1,600 patient records between March 9 and June 19 of that year. The attacker compromised the system by using a physician's legitimate credentials without the doctor's knowledge. This intrusion exposed sensitive personal information including patients' full names, dates of birth, residential addresses, telephone numbers, and provincial health identification numbers. For 34 affected individuals, the breach extended to their personal medical histories. Ministry officials confirmed the attacker did not manipulate the system to generate fraudulent medical prescriptions during the three-month access period.
The Ministry initiated formal notification procedures by mail to all impacted individuals following the investigation's conclusion. Affected parties received offers for complimentary identity theft protection services and fraud prevention assistance, despite officials confirming no direct banking information was compromised. The Ministry advised victims to monitor financial accounts and online identities closely due to the potential misuse of exposed data. Additional protective measures included the option to place security keywords on PharmaNet profiles through local pharmacies and request Medical Services Plan alerts requiring secondary identification verification during health service interactions. This incident marked another significant privacy breach in British Columbia's healthcare infrastructure, though authorities emphasized no prescription forgery or medication diversion occurred as a result of the unauthorized access.