ACCORDING to Office of the Information and Privacy Commissioner for British Columbia, between 30 April 2025 and 20 June 2025 the OIPC received breach notifications from Vancouver Coastal Health Authority, Fraser Health Authority, Providence Health Care, and the Provincial Health Services Authority linked to the tragic events at the Lapu Lapu Day festival on 26 April 2025.
The incidents involved intentional, unauthorized access to patient personal information, or what is commonly referred to as “snooping” by employees. In total, 71 snooping incidents affecting the medical records of 16 individuals were reported, with 35 employees implicated across the health authorities and PHC, plus one case involving an assistant at a physician’s office with access to an FHA electronic medical records system.
The report notes that half of the individuals who received care following the tragedy subsequently had their privacy breached, and that in most cases these acts were driven by personal curiosity. The report also contains the full investigation findings, which are available via the linked documentation.