Advertisement

Potential privacy breach of Saskatchewan health records in January 2020 malware attack

A breach of personal health information potentially occurred on systems administered by eHealth for the Saskatchewan Health Authority and the Ministry of Health. Jonathan Hayward / The Canadian Press

The Saskatchewan government says a privacy breach may have occurred in an eHealth malware attack in January 2020.

Officials said a breach of personal health information potentially occurred on systems administered by eHealth for the Saskatchewan Health Authority (SHA) and the Ministry of Health.

The malware attack happened after an employee in the health-care sector opened a suspicious attachment in an email.

Read more: eHealth files stolen in ransomware attack

The malware then spread throughout Saskatchewan’s IT system, officials said, and resulted in a ransomware attack.

eHealth said it managed to contain and eliminate the malware and restore compromised files after the attack was discovered.

Story continues below advertisement

A forensic investigation found that some files were sent to a suspicious IP address. Those were encrypted during the attack and later restored from backups, officials said.

However, they were unable to accurately determine what information was sent to the IP address.

“While the forensic investigation rendered no evidence that personal health information was compromised, the investigation was unable to rule out a breach of personal health information,” said a government statement.

“The inability to absolutely verify that no privacy breach occurred is leading to public notification of a potential privacy breach involving personal information or personal health information.”

Click to play video 'Cyber security experts say ransomware data breach in health care sector is a lesson for everyone' Cyber security experts say ransomware data breach in health care sector is a lesson for everyone
Cyber security experts say ransomware data breach in health care sector is a lesson for everyone – Sep 29, 2020

eHealth said it continues to monitor the internet for any signs the files are in the wrong hands and said there is no evidence of this after its latest six-week scan was completed in November.

Story continues below advertisement

A number of measures have been brought in since the malware attack, officials said.

This includes intensified training for all employees on the dangers of opening suspicious attachments in emails and mandatory privacy training every three years, or as directed, for all SHA staff.

Read more: Malicious software found in Microsoft systems, related to U.S. cyberattack

The Office of the Saskatchewan Information and Privacy Commissioner (OIPC) is also investigating the attack. eHealth, the SHA and the Health Ministry said further action may be taken based on the final findings and recommendations from the OIPC.