Privacy & Security
Arnprior reports large breach of health records
May 25, 2022
ARNPRIOR, Ont. – Arnprior Regional Health says a cyber-attack compromising data dating back decades has taken place. The health network became aware of the hack on its IT system on Dec. 21, 2021. Information affected includes patient names, dates of birth, contact information, health card numbers, recent hospital visits, and diagnoses.
ARH said the earliest information accessed dates back to April 1996 and could affect a wide range of patients in Arnprior, including those who visited the local emergency room, people who had a COVID test or attended mass vaccination clinics in Renfrew County, as well as people who have been on physician waitlists or who were contacted by flu shot clinics.
Located in eastern Ontario, Arnprior Regional Health (ARH) includes: Arnprior & District Memorial Hospital, the Grove Nursing Home, the Primary Health Care Centre, community-based services, and linkages with partners across the region to bring healthcare services to local communities.
A full list of those whose data my have been compromised can be found on the Arnprior Regional Health website.
According to a notification on the website, “It is important to note that the Electronic Health Record system was not impacted, and we experienced no disruption to the delivery of healthcare or other services we provide. There is no evidence of further misuse of the data, and we have received assurance that the data has been deleted.”
“Upon discovering the incident, we retained cyber forensic experts to conduct a comprehensive investigation.”
The notification was signed by ARH president and CEO Leah Levesque.
The hospital said that, “Going forward, we are taking a number of additional measures to strengthen our systems. Working in collaboration with our internal IT team and external IT experts, we are continuing to invest in leading edge technologies to protect our systems and data from ever-growing cybersecurity threats.”
It also informed the Information and Privacy Commissioner of Ontario (IPC) about the breach.