The Saskatchewan government says a privacy breach may have occurred in an eHealth malware attack in January 2020.
The malware attack happened after an employee in the health-care sector opened a suspicious attachment in an email.
Read more: eHealth files stolen in ransomware attack
The malware then spread throughout Saskatchewan’s IT system, officials said, and resulted in a ransomware attack.
eHealth said it managed to contain and eliminate the malware and restore compromised files after the attack was discovered.
A forensic investigation found that some files were sent to a suspicious IP address. Those were encrypted during the attack and later restored from backups, officials said.
However, they were unable to accurately determine what information was sent to the IP address.
“While the forensic investigation rendered no evidence that personal health information was compromised, the investigation was unable to rule out a breach of personal health information,” said a government statement.
“The inability to absolutely verify that no privacy breach occurred is leading to public notification of a potential privacy breach involving personal information or personal health information.”
eHealth said it continues to monitor the internet for any signs the files are in the wrong hands and said there is no evidence of this after its latest six-week scan was completed in November.
A number of measures have been brought in since the malware attack, officials said.
This includes intensified training for all employees on the dangers of opening suspicious attachments in emails and mandatory privacy training every three years, or as directed, for all SHA staff.
The Office of the Saskatchewan Information and Privacy Commissioner (OIPC) is also investigating the attack. eHealth, the SHA and the Health Ministry said further action may be taken based on the final findings and recommendations from the OIPC.