Question period in the B.C. Legislature on April 15, began with an inquiry from the opposition about a large data breach targeting Interior Health employees.
"Over 28,000 social insurance numbers have been stolen from B.C.'s Interior Health employees," said Bruce Banman, a B.C. Conservative MLA for Abbotsford South.
"Their personal information has been hacked and stolen," he added.
"What kind of gong show is this government running in Interior Health?"
In March 2024, Interior Health released a public statement about the data breach after being informed of a document that had been discovered in an RCMP investigation in January 2024. Interior Health stated that the document contained the names, dates of birth, social insurance numbers, home addresses and phone numbers of more than 20,000 employees, but contained no patient information.
In the statement, the health authority said it is looking to contact people who were employed by Interior Health between 2003 and 2009.
"We recognize the sensitivity of personal information and are committed and legally bound by FIPPA to protect privacy," said Brent Kruschel, vice president of digital health, Interior Health in an emailed statement to Capital News.
Kruschel said technical experts believe the breach likely occurred in 2009 and said the health region has since made "significant security upgrades to their systems."
Banman told the legislature that the stolen identities have been used for fraudulent activities, including inappropriate Canada Revenue Agency refunds and loans.
He then asked the provincial government, specifically Minister of Health Josie Osborne, when they were aware of the breach and asked why Interior Health employees were not made aware of the incident.
Minister Osborne responded to Banman's questions and told the legislature that she first became aware of the breach and related RCMP investigation in January 2024.
"The RCMP informed Interior Health about a document discovered during an investigation that included personal information of individuals, including a number of current and former Interior Health employees."
Osborne also said that the government notified the Office of Information and Privacy Commissioner of the incident.
"They are now taking steps to notify all current and former employees," said Osborne.
Kruschel said that in addition to the March 2024 press release, "current employees have been updated, and every effort has been made to connect with previous employees to offer information and assistance, including credit monitoring."
While there is concern that private information has been shared and sold on the dark web – which is a part of the internet where people can hide their identity and location, the government alleges there is no evidence to support such claims.
Kruschel said that in addition to the RCMP investigation, Interior Health hired external security experts to review the situation and scan the internet.
"These scans have not located this information on the dark web," said Kruschel.
However, he said due to the age of the data and its broad scope, Interior Health has not been able to accurately confirm where the breach originated.
"As this remains an active RCMP investigation and before the courts, Interior Health is not able to provide additional information," said Kruschel
Interior Health urges anyone with additional information on the data breach to bring it forward to the RCMP immediately.
