The Eastern Ontario Health Unit learned September 29 that it was a victim of a cyber attack.
"Our analysis of the hacking code suggests that the hackers accessed multiple websites maintained by the EOHU looking for credit card information which we do not collect. We immediately shut down our sites, changed the passwords, launched an internal investigation, and advised the Information and Privacy Commissioner of Ontario," the agency says.
"The hackers also sent an email using an EOHU account about a contest to win an iPhone. The hackers did not use our newsletter subscribers list, but rather uploaded and used their own distribution list. We were able to identify the recipients of the contest email and alerted them that it was not legitimate and that clicking on it may have infected their computers with malware."
On October 12, the investigation found that the hackers were able to access certain databases used to schedule appointments and log calls to the health unit.
"In most cases, the information to which the hackers had access was limited to the caller’s name (first name and sometimes last name), appointment date, and purpose. In some cases, a telephone number but no other contact information was in the databases. Although these databases do not contain client medical records, some may contain notes. Where notes are sensitive in nature, and to the extent that we have contact information, we will reach out by telephone to affected individuals."
The health unit says it is "rebuilding, reconfiguring and incorporating new security measures into our websites to make them more secure against cyber attacks. We will also be consulting with web security specialists about any additional steps we can reasonably take to fortify our electronic information assets against attacks."
For questions, contact the Privacy Officer at 613-933-1375 or 1 800 267-7120 ext. 218 between 8:30 and 4:30, Monday to Friday.
If you believe that your privacy rights have not been handled properly, you can also contact the Information and Privacy Commissioner of Ontario at:
Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario M4W 1A8
Telephone: 1 800 387-0073