Ontario vaccine booking system potentially breached by hackers

Ontario vaccine booking system potentially breached by hackers | Insurance Business Canada

Ontario vaccine booking system potentially breached by hackers

The healthcare industry continues to be a popular target for cyber threat actors – as officials have started an investigation into the potential data breach of the vaccine booking system.

Ontario residents have reported receiving text messages addressed to them or their relatives, asking them to reply so that they could “receive” a reimbursement of cash. The spam messages are suspected to be a form of phishing, but what has grabbed people’s attention is that the spam texts addressed them or their relatives by their full names.

Carla Embleton, who received two messages addressed to her 12-year-old daughter, told CTV News that she was concerned that her daughter’s information had been compromised.

"What really triggered it for me was the spelling of her name,” she said. “It was her name, her full name with middle name, and her middle name was fully capitalized and the only time I've ever seen that was on her vaccine passport."

Another Ontario resident, Mike Primeau of Ottawa, also reported receiving a similar text addressed to his son. He too suspects that the fraudsters could have only acquired information such as his son’s full name through the provincial vaccine portal.

"It worries me more around, you know, what kind of information could they gather from that first name, last name, date of birth, health card," Primeau told CTV News. "Maybe there's healthcare fraud involved, but as far as using [the portal] again, I probably would."

The Solicitor General has confirmed that the government is investigating these reports, and has warned citizens to be wary of dubious-looking texts.

"Ontarians should be aware these texts are financial in nature and that the government will never conduct a financial transaction through these methods," said Marion Ringuette, director of communications for the Office of the Solicitor General, in a statement.

"The government takes allegations of fraud very seriously and is aggressively investigating these reports with our partner ministries, the Ontario Provincial Police (OPP) and others."

Cyberattacks against the healthcare industry have intensified over the pandemic period, with the attackers targeting both local clinics and provincial operations indiscriminately. Earlier this month, Newfoundland and Labrador’s computer network suffered a cyber incident that forced staff to revert to a paper-based system.

Read more: Ottawa clinic paralyzed by cybersecurity "incident"

And just last week, the computer systems of Rideau Valley Health Centre in Ottawa, ON were frozen after an unspecified cybersecurity incident disabled the clinic’s phone services and its capability to schedule appointments.

Read more: Homewood Health confirms data breach hit

In August, national healthcare chain Homewood Health announced that it sustained a data breach, adding that the threat actors responsible also leaked the stolen patient information.