The Office of the Information and Privacy Commissioner of British Columbia released a damning report on 15 December 2022 on security vulnerabilities in Panorama, the health database managed by the Provincial Health Services Authority (PHSA).
This database holds highly sensitive data on six million patients. This includes data on immunisation status, mental health assessments, sexually transmitted infections (including HIV), drug and alcohol use and pregnancies (including outcomes).
Yet the report shows that Panorama fails to comply with some of the most basic cybersecurity measures, even after an initial warning in 2019:
- No multi-factor authentication is required to access the platform
- There is no way to detect an intrusion when it occurs, only after the fact
- The platform has no alert system for suspicious connections (from a new device, for example)
- Data encryption is insufficient to ensure data security.
Even more concerning is that 4,000 staff and professionals have access to Panorama, increasing the risk of an intrusion. “Every British Columbian should be troubled by these findings, as it means that the personal information stored on the system is vulnerable to misuse and attack,” the report concludes.