Natural Health Services, the operator of Canada’s largest referral network of medical cannabis patients, recently suffered a data breach that exposed customers’ personal information like medical diagnoses, referrals, encounter notes, and allergies.
The Calgary-based health center stated that unknown intruders allegedly accessed personal health records between December 4, 2018, and January 7, 2019. However, the company clarified that patient prescriptions, financial, credit card or social insurance numbers weren’t compromised in the incident.
“NHS identified that a number of records containing personal health information in the electronic medical record (EMR) system we use were accessed without the authorization of NHS physicians for purposes that may be unrelated to providing medical care,” the company said in a statement. “NHS is working with law enforcement and the Information and Privacy Commissioner of Alberta to investigate this matter. NHS is undertaking all necessary steps to work with the respective provincial privacy commissioners to ensure that this does not happen again.”
The company stated that it notified the affected clients and suggested them to monitor for any unusual activity in their transactions with financial institutions.
In a similar incident, the University of Connecticut Health Center recently suffered a breach that potentially compromised personal data of around 326,000 individuals. In an official statement, the health center stated that unknown intruders accessed the email accounts of several UConn Health employees on December 24, 2018, affecting 326,000 patients’ information.
UConn Health provides health services to the citizens of Connecticut through innovative integration of research, education, and clinical care. The Connecticut-based academic medical center stated the breached data includes, names, dates of birth, addresses, social security numbers, billing and appointment information, and other medical information.
The health center stated that it’s enhancing the security of the impacted accounts to prevent further unauthorized access. It also notified the law enforcement and retained a forensic security firm to investigate for any personal information in the impacted email accounts.