Image copyright Getty Images Image caption The hospital that hosted the Heart of the Atlantic Symposium in August 2015
A hacker has stolen confidential information on thousands of patients of a New Brunswick, Canada, hospital in an online heist that may have affected thousands more.
The hackers obtained access to 500,000 records after breaking into HealthQuest Conference Associates, a company that handles clinical data from hospitals.
The records contain information on up to 190,000 patients of New Brunswick General Hospital.
Hackers broke into the company’s website and mobile app. They were able to collect data on patients enrolled in the New Brunswick General Hospital’s Heart of the Atlantic Symposium in August 2015.
“The hack was very sophisticated,” said Shelley Gasperino, an executive with the health research centre.
Details of the breach include a patient’s birth date, a diagnosis of HIV or Aids, National Health Service hospital information, current medications and statistics on their drug interactions, Ms Gasperino said.
Photo: RNZ / Philip Chandler
HealthQuest’s Director of Cyber Security, Michael Proulx, said the data was stolen from its web host, a New Jersey-based company called 1-Site Services.
1-Site’s servers were also “under attack” according to Mr Proulx. The hackers were able to bypass the security on 1-Site servers by “transferring (attacking) logins to an unauthorized network”, he said.
Hackers gained access to the details of patients attending the Heart of the Atlantic Symposium in Barrington, New Brunswick, back in 2015.
“The hackers are smart. They did everything right. They were much more efficient and they didn’t have to really communicate. They actually managed to have automated processes to steal the data,” said Mr Proulx.
The New Brunswick Hospital’s Social Assistance Institute has urged patients who participated in the 2015 conference to protect their social security numbers.
Mr Proulx said 1-Site has contracted with Microsoft and is now taking steps to make sure its servers are as secure as possible.