, 14 tweets, 4 min read Read on Twitter
Some facts regarding this story:

* Open Privacy found patient records (name, sex, diagnosis, doctor, room number) in our log files during an unrelated radio project.

* We confirmed the authenticity of this data by cross referencing it with public obituaries.
* Due to timing happenstance we were also able to learn the name and room number of a gun shot victim, that name was never released (or at least never reported) by the media as she was being treated.

This medical data breach has real life consequences.
I've been asked "why is this important" by journalists today and...I don't know how to answer that if it isn't obviously apparent to you when I say that patient medical data is being broadcast in real time across Vancouver.

Like twitter but for your medical treatment.
We securely deleted all of our logs after helping VCH with their investigation(s), but that doesn't make the breach go away.
VCH also asked us to "return the data to the privacy office", and even if we were still in possession of the logs, I'm not even sure what to make of that question.
Since I've been asked this question a few times. While we did observe ad-hoc pagers containing PII, the most concerning were the structured records which were obviously machine generated, heavy in quantity and contained a wealth of , nicely formatted, patient information.
As I mentioned, when we provided evidence of these records to VCH we had to heavily redact them because we didn't consider email an appropriately secure mechanism for transmitting such critical data like patient name, room number & diagnosis.
Imagine having your diagnosis broadcast to the entire city before you've been told - we observed patient names linked to diagnosis from every from pneumonia, to chlamydia, to gun shot wound, to liver transplants.

It's really hard to overstate the seriousness of this breach.
As I mentioned we were easily able to cross reference public obituaries to confirm the authenticity of this data. As morbid as that is, it underscores how trivial it was to link this data to real people and real events.

This isn't an abstract harm.
I've been asked why there are some big gaps in the timeline early this year, and that was mostly because I was working on the research around the cryptographic flaws in the Swiss evoting system. We get a lot done at @OpenPriv but we are limited!

@OpenPriv I've now had multiple separate reports that these health records have been intercepted by various parties dating back at least 3 years (some dating back much further).

The numbers patients impacted could be in the hundreds of thousands.
@OpenPriv I've also had a few reports that other BC and Canadian health authorities are likely impacted by the same or similar issues. This would be unsurprising (we've suspected the same based on public reporting) - but it also adds up to a medical data breach crisis.
@OpenPriv The main reactions I've received have been shock and horror. People do not expect their medical data to be treated like this, recklessly broadcast for anyone to consume.

Something needs to change.
@OpenPriv I expect this conversation will roll into the next few days and weeks. This part of the story is far from over with investigations on going (and we still need to understand why the initial VCH investigation concluded that there was no issue)
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Sarah Jamie Lewis
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!