[BreachExchange] One arrested, thousands more potential PharmaNet privacy breaches

Audrey McNeil audrey at riskbasedsecurity.com
Tue Apr 4 20:27:58 EDT 2017


http://www.news1130.com/2017/04/03/one-arrest-thousands-
more-potential-pharmanet-privacy-breaches/

Vancouver Police have arrested one man and identified about 13,000 new
people who may have been victims of a massive PharmaNet privacy breach.

7,500 individuals were found to have potentially had their PharmaNet
profile or medication history viewed inappropriately earlier this year. As
part of their investigation, police have now discovered thousands more
potential affected individuals, and say there could be more.

The BC Government says the breaches are alleged to be a result of
cybercrime, which targeted physicians’ and medical clinic offices, and
PharmaNet service vendors. It is suspected that access was obtained through
impersonation of physicians and other methods.

The VPD arrested one man at a home in Richmond on March 23rd, but no
charges have been laid. Police have confirmed that the information accessed
from PharmaNet has been used for fraudulent purposes in some instances. The
investigation continues.

The BC government is offering credit monitoring at no cost to all affected
individuals. The Ministry of Health is contacting all affected individuals
by letter to inform them of the incidents and provide instructions on how
to access credit monitoring.

Since discovering the incidents, the Ministries of Health, Finance, and
Technology, Innovation and Citizens’ Services have shut down affected
accounts, and disabled accounts that have been inactive for more than 30
days.

The Ministry of Health is implementing more robust security measures with
PharmaNet vendors and is installing cautionary banners that stress the
legislative requirements for using PharmaNet upon signing in.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170404/58d0867f/attachment.html>


More information about the BreachExchange mailing list