During a recent security audit at the British Columbia Institute of Technology, staff discovered someone had gained unauthorized access to a computer server at the medical clinic on campus.
Close to 12,000 students, faculty and staff have been sent letters to alert them to the situation.
Records on this server date from October 2005 to June 11, 2012, and contain patient contact information and basic medical data, including medical services plan and personal health numbers, as well as treatment billing codes and descriptions.
Staff took the server offline to have its hard drives removed and analyzed immediately after the security breach was discovered.
Dave Pinton, acting director of communications at BCIT, said the results show the unauthorized activity was the uploading and downloading of movies onto this server.
"It does not appear at this time this was an access that was trying to steal information," he said.
Anyone who has reason to believe their personal information has been compromised or used inappropriately should email email@example.com or visit www.bcit.ca/privacy for more information.