Experts Comments On Vancouver Coastal Health And Patients’ Data Vulnerability

A nonprofit privacy advocacy group called Open Privacy Research Society discovered that the sensitive medical information of patients being admitted to certain hospitals across the Greater Vancouver Area is being broadcast, unencrypted, by hospital paging systems, and that these broadcasts are easily interceptable. The society discovered the vulnerability and notified Vancouver Coastal Health (VCH) immediately almost a year ago, but VCH ignored and downplayed the vulnerability for months.

Some of the patient data (PHI) being broadcast includes the following:

  • Name
  • Age
  • Gender marker
  • Diagnosis
  • Attending doctor and room number

Experts Comments

September 11, 2019
Eve Maler
VP of Innovation & Emerging Technology
ForgeRock
Healthcare organizations can't afford to be negligent about security when threat actors have proven their relentlessness in gaining access to and misusing patients’ personal health information (PHI). By broadcasting unencrypted PHI through radio waves, Vancouver Coastal Health opened a window of opportunity for cybercriminals to exploit patient data for their own personal gain. Despite Open Privacy’s initial alert over the security issue in late 2018, VCH continued to ignore and downplay.....Read More
Healthcare organizations can't afford to be negligent about security when threat actors have proven their relentlessness in gaining access to and misusing patients’ personal health information (PHI). By broadcasting unencrypted PHI through radio waves, Vancouver Coastal Health opened a window of opportunity for cybercriminals to exploit patient data for their own personal gain. Despite Open Privacy’s initial alert over the security issue in late 2018, VCH continued to ignore and downplay the vulnerability for almost a year, which is even more alarming. In general, there seems to be a lack of awareness of data protection requirements and technologies. In order for VCH and other healthcare entities to solve issues surrounding privacy, identity, consent, and all elements of processing personal data, these organizations must deploy and use proven security applications that are built from existing well-tested libraries and best practices. VCH needs to transition to a more secure messaging system immediately to prevent further and future access to PHI. It's now easier than ever to leverage security strategies and tools that prescribe real-time, contextual and continuous security, detecting irregular behavior and prompting further action, such as strong and adaptive identity authentication and authorization. Healthcare organizations that use these strategies and tools are in a better position to prevent malicious actors that seek unauthorized access to PHI.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.