Significant data breach involving patient data reported at three Toronto hospitals
Patients at three Toronto hospitals may have had some of their personal data accessed following a cybersecurity breach but officials say the complexity of the incident is such that they have been unable to determine how many people were impacted.
The Scarborough Health Network has issued a public notice regarding an incident involving unauthorized access to data contained on “several” of its servers.
It says that the data which may have been accessed includes patient ID numbers, names, genders, dates of birth, email addresses, home addresses, OHIP numbers, procedure descriptions, lab reports, staff names,, insurance policy numbers, immunization status and diagnosis information.
“SHN takes the privacy and security of patient, staff and business contact and personal information very seriously, and we sincerely regret that this incident occurred,” SHN President and Chief Executive Officer Elizabeth Buller said in a news release. “I want to assure patients that we acted as swiftly as possible to contain and investigate the incident to ensure that our clinical operations were not impacted. Furthermore, all IT security improvements that were identified as a result of our investigation were immediately addressed.”
The cybersecurity breach was first discovered on Jan. 25 and the “unauthorized actor” was shut out of the system by Feb. 1, according to officials. For that reason, all patient data collected since February is not considered to be at risk.
The hospital network says experts are continuing to monitor the situation but “have not yet detected any malicious use of the data that was accessed.”
Officials with SHN are, however, advising individuals to monitor their accounts and “remain vigilant for incidents of fraud and identity theft.”
“Unfortunately, given the complexity of the Incident, we are not able to determine which individuals were directly impacted,” a post on the SHN website states.
The breach impacted servers with patient data from Birchmount Hospital, Scarborough General Hospital, Centenary Hospital, as well as Ajax Pickering Hospital prior to its amalgamation under Lakeridge Health.
The breach has been reported to the Office of the Information and Privacy Commissioner of Ontario.
The Scarborough Health Network has set up a resource page for those who may have been impacted by the breach at the following link.