In 2009, CarePartners began organizing medical trips through its sister agency, Community Nursing Services (CNS), to countries where there are less medical services available. Past trips have included Peru, Nicaragua, Guatemala, Philippines, and Guyana.
In these countries, CarePartners staff – accompanied by doctors, dentists and translators, have worked with local Rotary clubs to set up clinics and provide medical care for local families including medications, fluoride treatments, eye glasses, dental extractions, and health counseling. Our staff who participate in the trips have found them to be a great opportunity to give back to those who have much less access to health care than we do and at the same time, make use of skills that our staff have developed as community health care providers. Many CarePartners employees have found participating in the trips to be a life-changing experience.
On June 18, 2018, CarePartners, an Ontario-based community health care agency contracted by Ontario’s Local Health Integration Networks (LHINs) to provide home care services including personal support and nursing, publicly reported that it was the victim of a cyber-attack by sophisticated actors. As a result of the cyber-attack, patient and employee information held in CarePartners’ computer system, including personal health and financial information, was inappropriately accessed.
Acting immediately in partnership with Ontario's LHINs, CarePartners took direct steps to prevent additional exposure and close vulnerabilities. CarePartners retained a leading cyber security firm to contain and determine the extent of the breach. Additionally, the LHINs and CarePartners suspended the online referral system’s capacity to receive patient assignments from Ontario’s LHINs. CarePartners also notified the police and an ongoing investigation continues. Finally, the LHINs, with CarePartners, informed and continue to work with Ontario’s Information and Privacy Commissioner.
In addition to the public notice of the cyber-attack, CarePartners proactively notified those patients whose records are confirmed to have been inappropriately accessed. CarePartners continues to have in place a call centre to address any questions or concerns 1.844.337.7300.
On July 17, 2018, CBC News reported that the cyber-criminals had contacted them and provided the CBC with additional personal health and financial information obtained illegally from the June CarePartners attack. CarePartners has been unable to confirm the accuracy of the information that remains in CBC’s possession.
As the extent of the breach and number of patients impacted is unclear, CarePartners encourages past and present patients and employees to monitor their accounts and notify their financial institution of any suspicious activity.
Patient care, including the protection of patient privacy and the security of patient health information, is our primary focus—always. Ontario’s LHINs have independently retained a third-party to undertake a comprehensive review of each of our third-party contractors to ensure that patient data systems and facilities meet industry cyber-security standards.
CarePartners continues to support impacted patients and employees by providing one year of credit monitoring for any individuals whose personal data may have been breached. Information regarding credit monitoring and questions related to personal data can be addressed by calling 1.844.337.7300 until September 30, 2018. After September 30, 2018 please call CarePartners at its Head Office number: 1.866.288.4788
In light of the ongoing risk, CarePartners is encouraging all past and present patients and employees to monitor their accounts and notify their financial institution of any suspicious activity.