National healthcare chain Homewood Health has confirmed that it sustained a data breach earlier this year, and that stolen information was leaked on a hacker website.
A cybersecurity researcher first tipped off IT World Canada about stolen documents that were put up for sale on Marketo on July 19. Documents shared with the tech news site appeared to be agreements between Homewood Health and the University of Lethbridge, in addition to a list of persons with a provincial workers’ compensation board. At that time, Homewood Health would not officially confirm nor deny the possibility that a breach had occurred.
But CTV News has recently received word from Homewood Health, confirming that it was hacked.
“With the assistance of cybersecurity experts, we have been working diligently to understand how the information was obtained and what information has been affected,” a Homewood Health spokesperson said in a statement.
In its statement, the company had pinned responsibility for the breach on Hafnium, a group of state-sponsored Chinese hackers.
“To date, neither Homewood Health nor its third-party cybersecurity experts have been able to find any evidence of any unauthorized access to any of Homewood Health’s client application systems,” the company added.
While Homewood Health would not estimate how many individuals whose data could be compromised due to the breach, it did say that it will be notifying affected people as quickly as possible.
The healthcare company has also begun contacting affected companies and agencies whose information may have also been compromised thanks to the attack, including BC Housing, TransLink and the Provincial Health Services Authority.
CTV News also reached out to the leaked data marketplace Marketo for a statement on the matter. A representative for the hacker site refuted Homewood Health’s claim that the data was acquired as part of the Hafnium attack earlier this year, saying that Marketo researched Homewood Health’s weaknesses and attacked them directly.
“I got to say it right away that we just sell company data. We do not have the intention to harm customers or clients of this company,” a Marketo representative said. “If the company understands and is willing to accept responsibility for the leak, there will be no publication. Otherwise, we are not responsible for the safety of this data.”
Marketo has threatened to sell off some of the data this Thursday, and to leak the rest.
Headquartered in Guelph, Ontario, Homewood Health has a network of more than 4,500 employees. It runs several mental health and addiction treatment clinics and residences in Alberta, British Columbia, the Maritimes, and Ontario.
