Cyber Incident Victim: PharmaNet

In September 2016, an unauthorized individual obtained and used a physician’s login credentials to access PharmaNet, British Columbia’s province-wide network connecting all pharmacies to a central prescription information system. The breach compromised the personal information of approximately 7,500 residents, including their full names, addresses, dates of birth, and Care Card numbers. For 80 of these individuals, the unauthorized access extended to their medication history spanning the previous 14 months. The British Columbia Ministry of Health confirmed the incident in February 2017 after initiating an investigation involving 14 physicians whose accounts may have been linked to the breach. Detection methods were not disclosed, but the ministry began sending notification letters to affected patients and physicians in February 2017, advising precautionary measures against potential identity theft due to the sensitivity of the exposed data.

The Ministry of Health emphasized that no banking information was stored in the accessed records but acknowledged the compromised data could serve as an entry point for identity theft. This marked at least the second major breach of PharmaNet, following a 2014 incident where approximately 1,600 patients had their prescription records accessed by an unknown hacker over three months. Opposition MLA critics raised concerns about repeated security failures in safeguarding citizen health data. Containment efforts included direct notifications urging affected individuals to monitor their credit, though no specific system upgrades or credential resets were detailed in public communications. The breach investigation remained ongoing at the time of disclosure, with no attribution or motive provided for the unauthorized access.