Security
Headlines
HeadlinesLatestCVEs

Headline

Canadian healthcare provider issues data breach warning after server hack

SHN plays down concerns over medical records breach

PortSwigger
#auth

John Leyden 26 May 2022 at 14:11 UTC

SHN plays down concerns over medical records breach

Canadian healthcare service provider Scarborough Health Network (SHN) has warned that a data breach may have exposed patient healthcare records.

In a breach notice, SHN explained that its IT staff noticed unusual activity on its systems on January 25.

After containing the problem and calling in help from external IT forensics experts, a subsequent investigation discovered that a “subset of data” on a number of SHN’s servers had been accessed by unauthorized parties.

Unnamed hackers were kicked off its systems by February 1, according to SHN. IT security controls and monitoring practices have been upgraded to guard against potential follow-up attacks.

Patient information

The potentially exposed information includes patient names, birth dates, email addresses, home addresses, lab reports, diagnosis information, medical procedure details, insurance policy numbers, details of attending physicians, and more.

The data is limited to patients admitted to an SHN hospital rather than the many more who received vaccinations at SHN-run clinics during the Covid-19 pandemic.

Catch up on the latest healthcare breaches and security news

By way of some reassurance, SHN said that it had not detected any abuse of the exposed data. SHN’s breach notice goes on the apologize for the incident and any stress it may have caused to patients.

The healthcare provider said that it had delayed notification of its breach in order to complete its investigation of the cybersecurity incident. The breach was notified to the Office of the Information and Privacy Commissioner of Ontario, Canada.

SHN did not disclose how many records were potentially exposed. The Daily Swig asked the healthcare provider about as well as requesting more detail on the initial vector and mechanism of its January cyber-attack.

No word back, as yet, but we’ll update this story as and when more information comes to hand.

RECOMMENDED Chicago Public Schools data breach blamed on third-party ransomware attack

PortSwigger: Latest News

We’re going teetotal: It’s goodbye to The Daily Swig