Privacy Breach Update
PRIVACY BREACH UPDATE – July 24th, 2018
On June 18, 2018, CarePartners, an Ontario-based community health care agency contracted by Ontario’s Local Health Integration Networks (LHINs) to provide home care services including personal support and nursing, publicly reported that it was the victim of a cyber-attack by sophisticated actors. As a result of the cyber-attack, patient and employee information held in CarePartners’ computer system, including personal health and financial information, was inappropriately accessed.
Acting immediately in partnership with Ontario's LHINs, CarePartners took direct steps to prevent additional exposure and close vulnerabilities. CarePartners retained a leading cyber security firm to contain and determine the extent of the breach. Additionally, the LHINs and CarePartners suspended the online referral system’s capacity to receive patient assignments from Ontario’s LHINs. CarePartners also notified the police and an ongoing investigation continues. Finally, the LHINs, with CarePartners, informed and continue to work with Ontario’s Information and Privacy Commissioner.
In addition to the public notice of the cyber-attack, CarePartners proactively notified those patients whose records are confirmed to have been inappropriately accessed. CarePartners continues to have in place a call centre to address any questions or concerns 1.844.337.7300.
On July 17, 2018, CBC News reported that the cyber-criminals had contacted them and provided the CBC with additional personal health and financial information obtained illegally from the June CarePartners attack. CarePartners has been unable to confirm the accuracy of the information that remains in CBC’s possession.
As the extent of the breach and number of patients impacted is unclear, CarePartners encourages past and present patients and employees to monitor their accounts and notify their financial institution of any suspicious activity.
Patient care, including the protection of patient privacy and the security of patient health information, is our primary focus—always. Ontario’s LHINs have independently retained a third-party to undertake a comprehensive review of each of our third-party contractors to ensure that patient data systems and facilities meet industry cyber-security standards.
CarePartners continues to support impacted patients and employees by providing one year of credit monitoring for any individuals whose personal data may have been breached. Information regarding credit monitoring and questions related to personal data can be addressed by calling 1.844.337.7300 until September 30, 2018. After September 30, 2018 please call CarePartners at its Head Office number: 1.866.288.4788
In light of the ongoing risk, CarePartners is encouraging all past and present patients and employees to monitor their accounts and notify their financial institution of any suspicious activity.