Personal information of workers, applicants seized in breach
Cyber criminals may have gotten access to personal information of those using websites of health employers in British Columbia following a recent attack.
The Health Employers Association of British Columbia (HEABC) fell victim to a cyberattack that hit the server that hosted websites and application forms for Health Match BC (HMBC), the BC Care Aide and Community Health Worker Registry and the Locums for Rural BC program.
“HEABC shut down the affected server and websites and has implemented additional security measures to ensure that the services affected are safely reinstated as quickly as possible,” said Michael McMillan, president and CEO, HEABC.
The personal information that may have been taken through the attack could include personal email addresses, birthdates, social insurance numbers, passport information, driver’s licenses, educational credentials, investigative reports, and other information relating to individuals’ dealings with the relevant programs, according to the association.
There were roughly 240,000 unique email addresses in the relevant databases, it said. HEABC learned of the cyberattack on July 13, McMillan said.
In June, about 55,000 records of past and present certified and permitted teachers in Nova Scotia — including name, address, date of birth, years of service and educational background — were stolen in the MOVEit cyber security breach.
HEABC response to cyber attack
HEABC has notified the Office of the Information and Privacy Commissioner and the Canadian Centre for Cyber Security and has reported the incident to law enforcement, it said.
The association is also working with EquiFax Canada to provide credit monitoring services, as appropriate, it said.
“We recognize this event may create questions and concern for individuals,” McMillan said. “I sincerely regret that this event happened and reassure everyone that we are working with cybersecurity and privacy experts to address the incident, safeguard against any future vulnerabilities, and notify and support individuals whose personal information may have been involved.”
The association is also providing more information related to the affected programs on each of the websites.
How to prevent cyber attacks
“Despite the prevalence of Cyber-attacks, a cyber-attack is preventable,” said Khushboo Sharma, in a piece posted on the website of KnowledgeHut, a training provider of global accrediting bodies. “However, the key to protection is using end-to-end cyber security architecture that has multi-layers and can be used on all networks.”
As companies rush to maximize the potential of generative artificial intelligence (AI) for business success, they may be overlooking one key player in the decision-making process: the chief data officer (CDO), finds a new IBM report.
Employers can do the following to prevent similar attacks, according to Ekran, a provider of software for auditing employee activity, detecting insider threats and protecting servers:
- Establish a robust cybersecurity policy.
- Employ a people-centric security approach to reduce the chance of human risks.
- Control access to sensitive data.
- Monitor the activity of privileged and third-party users.
- Enhance your data protection and management.
- Use multi-factor authentication.
- Conduct regular cybersecurity audits.