Ontario Entity Says Patient, Employee Information Affected Marianne Kolbasuk McGee (HealthInfoSec) • May 23, 2022 Arnprior Regional Health says a cyber incident in December affected patient and employee data – some of it decades old.
A cyberattack detected in December at a Canadian healthcare entity has compromised a wide range of data, including some patient information dating back to 1996, as well as employee vaccination records from last year. Some of the affected data belonged to a nonprofit group of affiliated clinicians.
Arnprior Regional Health, which includes a hospital, long-term health facility and other healthcare services in Arnprior, Ontario, Canada, says in a statement posted recently on its website that on Dec. 21, 2021, it learned of unauthorized access to its IT system in which data was “taken.”
“This was a sophisticated attack, similar to countless incidents that are happening across North America,” ARH says in a frequently asked questions document about the incident.
An investigation determined that data connected with ARH, including personal information of some current and former employees and patients, had been taken in the incident, the statement says.
ARH says 13 different – but some overlapping – categories of data were affected in the incident, including various groups of information pertaining to colonoscopies, COVID-19 and flu vaccinations, emergency room and in-patient satisfaction surveys, and