SHN plays down concerns over medical records breach
Canadian healthcare service provider Scarborough Health Network (SHN) has warned that a data breach may have exposed patient healthcare records.
In a breach notice, SHN explained that its IT staff noticed unusual activity on its systems on January 25.
After containing the problem and calling in help from external IT forensics experts, a subsequent investigation discovered that a “subset of data” on a number of SHN’s servers had been accessed by unauthorized parties.
Unnamed hackers were kicked off its systems by February 1, according to SHN. IT security controls and monitoring practices have been upgraded to guard against potential follow-up attacks.
The potentially exposed information includes patient names, birth dates, email addresses, home addresses, lab reports, diagnosis information, medical procedure details, insurance policy numbers, details of attending physicians, and more.
The data is limited to patients admitted to an SHN hospital rather than the many more who received vaccinations at SHN-run clinics during the Covid-19 pandemic.
By way of some reassurance, SHN said that it had not detected any abuse of the exposed data. SHN’s breach notice goes on the apologize for the incident and any stress it may have caused to patients.
The healthcare provider said that it had delayed notification of its breach in order to complete its investigation of the cybersecurity incident. The breach was notified to the Office of the Information and Privacy Commissioner of Ontario, Canada.
SHN did not disclose how many records were potentially exposed. The Daily Swig asked the healthcare provider about as well as requesting more detail on the initial vector and mechanism of its January cyber-attack.
No word back, as yet, but we’ll update this story as and when more information comes to hand.