A Canadian medical cannabis company has revealed that the information of about 34,000 patients may have been exposed in a data breach incident.
Sunniva explained that the electronic medical record system used by its subsidiary, Natural Health Services (NHS), had been breached. Patients were informed of the cyberattack on the last week of the breach, which took place between December 04, 2018 and January 7, 2019.
NHS has announced that the breach did not involve any financial, credit card, or social insurance number information, since those are not collected from patients.
However, personal injury firm Diamond and Diamond, which has proposed a class-action against NHS and Sunniva, argued that the breach exposed diagnostic results, healthcare numbers and personal contact information.
The Canadian Press reported that NHS – which operates seven clinics in Canada – is working with privacy protection and law enforcement authorities to get to the bottom of the breach and to mitigate the damage it may have caused.
“We value our patients and understand the importance of protecting personal information and apologize to the patients whose personal information has been improperly accessed and for any frustration or inconvenience that this may cause,” NHS president Dr. Mark Kimmins said in a statement.