CarePartners breach included patient names, addresses, and financial information

CarePartners, a Canadian healthcare agency and home care service provider for Ontario’s health authority, has announced it has fallen victim to a “sophisticated” cyber-attack that resulted in patient and employee data being compromised.

A statement from the group on Monday confirmed that an unauthorized third party had breached CarePartners’ system and accessed patient and employee information, including personal health and financial information.

As a service provider for Ontario’s Local Health Integration Network (LHIN), CarePartners is responsible for around 11% of all publicly funded home care services in the east Canadian province.

Speaking with The Daily Swig via email yesterday, an LHIN spokesperson said the organization was “working diligently with CarePartners and Herjavec Group [a cybersecurity firm] to confirm the number of patients affected”.

“CarePartners will communicate directly with impacted patients, as the extent of the breach is confirmed,” the spokesperson said.

They added: “Because CarePartners provides home care services contracted by Ontario’s LHIN, there would be personal and personal health data that has been accessed (e.g. patient names, address, and demographic information).

“CarePartners also provides fee-for-service home care services, and for these patients the information could include financial information.”

LHINs and CarePartners have voluntarily suspended the online referral system’s capacity to receive patient assignments until the breach is fully contained and vulnerabilities are fully closed.

The Ontario Information and Privacy Commissioner and law enforcement officials have also been contacted and engaged, the health authority confirmed.