The personal health information of about 34,000 medical marijuana patients was accessed in a data breach of an electronic medical record system used by Sunniva Inc.’s Natural Health Services Ltd. subsidiary.
NHS says patients have been informed in the last week of the breach that occurred between Dec. 4, 2018 and Jan. 7.
It says the breach didn’t involve any financial, credit card or social insurance number information since those aren’t collected from patients.
However, personal injury firm Diamond and Diamond — which has announced a proposed class-action lawsuit against NHS and Sunniva — says it did involve diagnostic results, health-care numbers and personal contact information.
The company, which operates seven clinics in Canada, says it has been working with privacy protection and law enforcement authorities to investigate and respond to the breach.
A dedicated hotline has been set up to field patient inquiries, at 1-888-297-0573.
“We value our patients and understand the importance of protecting personal information and apologize to the patients whose personal information has been improperly accessed and for any frustration or inconvenience that this may cause,” stated NHS president Dr. Mark Kimmins.