[BreachExchange] Canada: Interior Health probes privacy breaches after arrests uncover personal information on employees

Audrey McNeil audrey at riskbasedsecurity.com
Mon Oct 2 20:07:41 EDT 2017


http://www.kamloopsthisweek.com/interior-health-probes-
privacy-breaches-arrests-uncover-personal-information-employees/

The personal information of an estimated 500 current and former Interior
Health employees was found by Mounties in the Lower Mainland when they
arrested two people on two separate occasions in the past three months.

The health authority has now hired external security and privacy experts as
it investigates the information breaches.

Mal Griffin, vice-president for human resources at Interior Health, said
the organization first became aware of a potential information breach in
late June when it was contacted by Lower Mainland RCMP following the arrest
of a person who had possession of personal information of a number of
people, the majority of whom were identified as IH employees.

An internal investigation was initiated and impacted employees were
immediately notified, Griffin said. On Sept. 20, IH was notified by RCMP of
a second, similar situation involving a different person.

The stolen information includes names, addresses, birthdays and social
insurance numbers.

Griffin said the information found is connected to employee records, noting
“there is no concern for patient information.”

“It’s unclear how this information was obtained, but we see some linkages
between the two incidents, which has resulted in us enlisting the support
of external security consultants,” Griffin said, adding that both incidents
have been reported to the Office of the Information and Privacy
Commissioner.

Griffin refused to elaborate about how the information may have been stolen
or what form it was in, citing the ongoing police investigation and that of
the security company contracted by Interior Health.

“We don’t want to compromise the investigation,” he said.

Griffin said IH has contacted all impacted current employees and is in the
process of notifying former employees. All are being offered one year of
credit-monitoring services.

“Personal information can be used to create identities and people use them
to obtain credit cards and bank accounts so they can fraudulently get
access to money,” Griffin said. “Unfortunately, it’s on the rise.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171002/cbdab11f/attachment.html>


More information about the BreachExchange mailing list