The British Columbia Institute of Technology (BCIT) recently issued a statement acknowledging that a Student Health Services computer server had been accessed by an unauthorized third party. Information stored on the server, according to the statement, included 12,680 patients' names, dates of birth, Medical Services Plan numbers, Personal Health Numbers, phone numbers, addresses, and treatment billing codes and descriptions.
"The breach was found during a recent scheduled security audit by BCIT's information technology services department," The Burnaby NewsLeader reports. "The records on the server date from October, 2005 to June 11, 2012."
"As part of the investigation, BCIT said the server was taken immediately off-line and had its drives removed and analyzed," The Province reports. "Letters of notice were also sent from BCIT to the individuals who may have had their information accessed."
"The school apologized for the breach and said it is reviewing its security processes and is working with the Office of the Information and Privacy Commissioner for British Columbia to ensure privacy standards are upheld," CBC News reports. "BCIT spokesman David Pinton said an analysis also shows that whoever broke into the system may not have been looking for private information, but for private entertainment. 'The name of the game, it looks like, was to get a nice big internet connection and then upload and download movies,' Pinton said."
"Anyone who has reason to believe their personal information has been compromised or used inappropriately should email email@example.com or visit www.bcit.ca/privacy for more information," writes Burnaby Now's Marelle Reid.