Canadian healthcare provider issues data breach warning after server hack

SHN downplays concerns over breach of medical records

Canadian health service provider Scarborough Health Network (SHN) has warned that a data breach may have exposed patients’ health records.

In a notice of breach, SHN explained that its IT staff noticed unusual activity on its systems on January 25.

After narrowing down the problem and enlisting the help of external computer forensics experts, a subsequent investigation found that a “subset of data” on a number of SHN’s servers had been accessed by unauthorized parties.

Unnamed hackers were kicked out of its systems on Feb. 1, according to SHN. IT security controls and monitoring practices have been upgraded to guard against possible subsequent attacks.

Patient information

Information potentially exposed includes patient names, birth dates, email addresses, home addresses, lab reports, diagnostic information, medical procedure details, insurance policy numbers, details of attending physicians, etc.

The data is limited to patients admitted to an SHN hospital rather than the many others who were vaccinated at clinics run by SHN during the Covid-19 pandemic.

Keep up to date with the latest vulnerabilities in health and safety news

To reassure itself, SHN said that it did not detect any abuse of the exposed data. SHN’s Notice of Violation apologizes for the incident and any stress it may have caused patients.

The healthcare provider said it delayed notification of its breach in order to complete its investigation into the cybersecurity incident. The breach was reported to the Office of the Information and Privacy Commissioner of Ontario, Canada.

SHN did not reveal the number of recordings potentially exposed. The daily sip questioned the healthcare provider and asked for more details about the initial vector and mechanism of its January cyberattack.

No response yet, but we’ll update this story as we get more information.

RECOMMENDED Chicago Public Schools Data Breach Blamed on Third-Party Ransomware Attack

Comments are closed.