[BreachExchange] Health information of nearly 1, 200 compromised after website hack at Prairie Mountain Health

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jun 2 18:55:25 EDT 2017


http://www.cbc.ca/news/canada/manitoba/prairie-mountain-
health-hack-1.4136600

The personal health information of nearly 1,200 people in western Manitoba
may have been compromised after Prairie Mountain Health discovered last
month that an internal website was hacked, however officials say the
likelihood information was accessed is low.

Officials discovered a security breach of an internal website used by the
region's ambulance service for educational and quality assurance purposes
on April 5, 2017, a Prairie Mountain Health spokesperson said in a
statement to CBC News on Monday.

The breach involved records of ambulance transports for 1,176 patients
between 2013 and 2017, as well as employment information on 453 Prairie
Mountain Health and affiliate employees in the northern part of the health
region.

"Although the likelihood is low based on how this information was stored on
the site, we cannot exclude the possibility that identifiable personal and
personal health information may have been, at minimum, viewed by the
attacker, and/or copied," read a statement from by Prairie Mountain Health.

Written notifications were sent to affected staff on April 6 and to
patients affected by the breach between April 12 and May 19, 2017, the
region said.

"It is our impression that the intent of the 'hack' was not targeted at
accessing this information but rather to infect and transmit a virus into
files maintained within this website."

Prairie Mountain Health said the breach was limited to select files and
would have required going through each individual file and transposing, in
same cases, hand written information.

"Anytime there has been a compromise of personal or personal health
information, we remain concerned," Prairie Mountain Health CEO Penny Gilson
said in a statement provided to CBC News by a spokesperson. "However, PMH
carried out our best efforts to notify impacted individuals as soon as
reasonably possible so that any necessary precautions could be taken."

All necessary containment and prevention actions have been taken, the
health region said.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170602/c6a27f5d/attachment.html>


More information about the BreachExchange mailing list