The British Columbia Conservative Party is calling for a comprehensive audit of data security protocols across provincial health authorities following an alarming data breach that has reportedly enabled cybercriminals to infiltrate Canada Revenue Agency (CRA) accounts using stolen employee information.
The demand comes after a CBC Fifth Estate investigation uncovered that personal details of both current and former Interior Health employees—previously compromised in a 2023 security incident—are now being used by fraudsters to access CRA accounts and commit identity theft. The security breach has reignited concerns over the vulnerability of sensitive data held by public institutions and the adequacy of provincial responses to cyberthreats.
Sensitive Data, Lasting Impact
The CBC’s report highlighted that the stolen data included names, addresses, social insurance numbers (SINs), and banking details. Although Interior Health initially disclosed the breach in 2023, it was not publicly known until recently that the information had been weaponized to manipulate federal accounts, including tax returns and benefit deposits.
At the centre of the controversy is the assertion that the Interior Health Authority failed to implement sufficient safeguards post-breach, leaving affected individuals open to further financial and privacy risks.
“We are deeply disturbed that this personal information was not only leaked, but is now being used for criminal activity,” said B.C. Conservative Leader John Rustad. “The government must launch a full review of cybersecurity measures across all health authorities and hold those responsible for the lapses accountable.”
Political Pressure Mounts
The Conservatives’ call adds pressure on the B.C. NDP government, which has already faced criticism for a lack of transparency and preparedness in handling the province’s increasingly frequent cyber incidents. While the Ministry of Health issued a brief statement acknowledging the matter, it did not commit to launching an independent review.
Also Read: Disturbing Details Emerge from Gene Hackman and Betsy Arakawa’s Santa Fe Home Investigation
Rustad emphasized that the data breach and subsequent misuse of information are not isolated problems. “This is a systemic failure,” he said. “British Columbians deserve to know that their personal health and employment data is safe, and they deserve timely disclosure and real consequences when breaches occur.”
Voices from the Frontlines
Affected employees and cybersecurity experts have echoed Rustad’s concerns. One former Interior Health nurse, whose CRA account was compromised, said she only discovered the issue after noticing an unauthorized change to her direct deposit details during tax season.
“I trusted the system to keep my data safe, but now I feel completely exposed,” she said, speaking on condition of anonymity.
Cybersecurity analysts say that while the initial breach may have stemmed from external attackers, the ongoing damage underscores internal failings. “Once sensitive data is compromised, organizations must immediately act to protect affected individuals,” said Lisa Kwan, a digital security consultant based in Vancouver. “That includes monitoring, alerts, and proactive communication—not radio silence.”
Calls for Legislative Action
Rustad and his party are now pushing for legislative changes that would require public institutions to follow more stringent data protection protocols and ensure automatic notification of affected individuals within a defined timeframe. They are also advocating for an independent oversight body to investigate public-sector breaches and monitor compliance.
“Data breaches are not just IT issues; they are governance failures with real-life consequences,” Rustad added. “We need legislative teeth to prevent this from happening again.”
Public Confidence at Risk
The breach has led to broader questions about the public’s trust in provincial institutions, particularly in the handling of sensitive health and employment information. Critics argue that without swift and transparent action, confidence in the health system’s digital infrastructure may erode further.
As of now, Interior Health has not issued a new statement addressing the CRA-related developments. Meanwhile, the federal government has advised Canadians to monitor their CRA accounts for suspicious activity and to set up multi-factor authentication where available.
With the provincial election looming, the issue of cybersecurity and data privacy could become a focal point of public discourse in British Columbia. The Conservatives are expected to table a formal motion in the legislature demanding a comprehensive data audit in the coming days.
