Scarborough Health Network (SHN), a Canadian healthcare provider, has issued a warning that a data breach may have disclosed patient health details. According to a breach notice, SHN’s IT employees observed strange activity on its networks on January 25.
After controlling the situation and enlisting the assistance of external IT forensics specialists, an investigation revealed that unauthorized persons had accessed a “subset of data” on various servers of SHN.
SHN revealed that unnamed hackers were booted off the company’s networks by February 1. IT security measures and monitoring techniques have been enhanced to protect against any follow-on attacks. Patient names, email addresses, birth dates, home addresses, diagnosis information, lab results, medical treatment details, insurance policy numbers, data of attending physicians, and other information might be exposed.
The data only includes patients hospitalized in an SHN hospital during the Covid-19 pandemic, not the many more who received vaccines at SHN-run clinics. SHN provided some confidence by stating that no misuse of the exposed data has been discovered. The breach notification from SHN goes on to express regret for the event and any stress it may have caused patients.
SHN provided some confidence by stating that no misuse of the exposed data has been discovered. The breach notification from SHN expresses regret for the event and any stress it may have caused patients. The healthcare company stated that it had postponed reporting the breach in order to conclude its investigation into the cyberattack. The Office of the Information and Privacy Commissioner of Ontario, Canada, was alerted of the incident.
SHN did not say how many records could have been compromised. More information on the original vector and technique of the January cyber-attack has been requested from the healthcare provider. However, no reply has yet been received.