A non-profit-run hospital in Arnprior, ON has revealed it has suffered a cyberattack exposing decades worth of data.
Arnprior Regional Health (ARH) announced that it was first aware of the cyberattack on its IT system on December 21, 2021. Ongoing investigations further uncovered on April 01, 2022, that some data from Arnprior and District Family Health Team (ADFHT) was compromised. ADFHT purchases IT services from ARH and houses its files on ARH's network. ADFHT also noted it was initially told by ARH that its data was not affected by the breach, but the ongoing investigation discovered otherwise.
The perpetrators potentially accessed sensitive information including names, dates of birth, contact information, health card numbers, recent hospital visits, and diagnoses, CTV News reported. According to ARH, the earliest information accessed dates back to April 1996 and can affect both present and former patients – including those who are on physician waitlists, those who attended mass vaccination clinics in Renfrew County, or even those contacted by flu shot clinics.
But ARH also stated that its health records system was not impacted by the breach.
“This matter is of the utmost concern to Arnprior Regional Health and is being treated as our highest priority. We apologize for the inconvenience this unfortunate incident may cause you,” said ARH president and CEO Leah Levesque in a statement.
Levesque also said that ARH is “taking a number of additional measures to strengthen [its] systems” following the attack and that it is working with its internal IT teams and external experts.
The hospital stated that a full list of those whose data was potentially compromised is available on its website.
