Major data breach at Queensway Carleton Hospital could affect 100,000 patients
The personal and health information of about 100,000 Queensway Carleton Hospital patients could be affected by a major data breach, the hospital said Friday.
The breach involves the hospital's use of an Ottawa company's cloud-based platform over a two-year period starting in March 2021.
That company, Aetonix, discovered early last month that an unauthorized third party gained access to an internal test environment where personal health information was stored, the hospital said in a statement on Friday.
"Following a thorough review of the incident, Aetonix’s forensic investigation has concluded that the incident may have resulted in your personal health information being accessed or copied by an unauthorized third party," the hospital said.
"Patient data that may have been impacted include: patient ID numbers, patient visit ID (Account/Encounter number), patient name, gender, date of birth, marital status, mother tongue, home address and postal code, phone number, email address, OHIP number and version, insurance policy number, health care providers, scheduled surgical appointments, past medical history, and procedure description."
The hospital said it has stopped using the platform and there's no evidence the information has been misused.
"QCH takes the privacy and security of personal information very seriously, and we sincerely regret that this incident occurred."
The hospital is sending individual letters to about 100,000 patients who may potentially be impacted. The hospital says its electronic medical records and patient portal were not impacted and no financial or banking information was accessed.
Anyone who got a COVID-19 vaccine at a QCH-affiliated clinic also wouldn’t be affected – that data was uploaded straight to provincial ministry of health servers.
"We want to stress that neither QCH nor Aetonix are aware of any misuse of this information and Aetonix’s investigation could not confirm whether any unauthorized person actually viewed or copied your information," the hospital said.
COMPANY NOTIFIED LAW ENFORCEMENT
In a statement, Aetonix said all data uploaded to its aTouchAway platform by Canada-based health care providers, patients and caregivers prior to Feb. 23 may have been compromised.
"This incident was a result of data being present in a location where it should not have been stored, and which should not have been accessible via the public web," the company said.
Aetonix said law enforcement was notificed on March 17. The Ontario and Alberta information and privacy commissioners, along with the Manitoba ombudsman, were informed on March 20.
The company said its platform is still safe to use.
The hospital was using the aTouchAway platform to provide virtual communication services, care pathways, and remote patient monitoring for QCH patients.
HOSPITAL RETAINS TRANSUNION
The Queensway Carleton says it has retained TransUnion, a consumer reporting agency, so affected patients can register for a credit monitoring service at no cost.
The service will provide unlimited online access to the TransUnion credit report, which is primarily used to detect identity theft or fraud. It also includes identity theft insurance.
For more information, you can read the hospital's public notice here.
DIFFERENT FROM OTHER BREACHES
Technology analyst Carmi Levy tells CTV News Ottawa that the breach at QCH differs from some breaches already seen in the past.
“Compared to other breaches that we’ve seen, this one is someone different because it doesn’t involve the organization itself,” he said.
"Because we live in a world where companies now subscribe to software, subscribe to technology services in the cloud, this is a major problem because no matter who you’re connected to, you have to ask yourself the question are they secure as well?"
Levy says people should watch their accounts of signs of suspicious activity, such as increased phishing emails or text messages.
Ottawa Health Coalition co-chair Ed Cashman says this breach should be a concern for everyone.
"Not just patients, but the government and the hospitals. The reason being this is happening too many times and it’s happening everywhere," he says. "Potentially, it's the most intimate details of your life that are being exposed."
CTVNews.ca Top Stories
More than 115 cases of eye damage reported in Ontario after solar eclipse
More than 115 people who viewed the solar eclipse in Ontario earlier this month experienced eye damage after the event, according to eye doctors in the province.
Toxic testing standoff: Family leaves house over air quality
A Sherwood Park family says their new house is uninhabitable. The McNaughton's say they were forced to leave the house after living there for only a week because contaminants inside made it difficult to breathe.
Decoy bear used to catch man who illegally killed a grizzly, B.C. conservation officers say
A man has been handed a lengthy hunting ban and fined thousands of dollars for illegally killing a grizzly bear, B.C. conservation officers say.
B.C. seeks ban on public drug use, dialing back decriminalization
The B.C. NDP has asked the federal government to recriminalize public drug use, marking a major shift in the province's approach to addressing the deadly overdose crisis.
OPP responds to apparent video of officer supporting anti-Trudeau government protestors
The Ontario Provincial Police (OPP) says it's investigating an interaction between a uniformed officer and anti-Trudeau government protestors after a video circulated on social media.
An emergency slide falls off a Delta Air Lines plane, forcing pilots to return to JFK in New York
An emergency slide fell off a Delta Air Lines jetliner shortly after takeoff Friday from New York, and pilots who felt a vibration in the plane circled back to land safely at JFK Airport.
Sophie Gregoire Trudeau on navigating post-political life, co-parenting and freedom
Sophie Gregoire Trudeau says there is 'still so much love' between her and Prime Minister Justin Trudeau, as they navigate their post-separation relationship co-parenting their three children.
Last letters of pioneering climber who died on Everest reveal dark side of mountaineering
George Mallory is renowned for being one of the first British mountaineers to attempt to scale the dizzying heights of Mount Everest during the 1920s. Nearly a century later, newly digitized letters shed light on Mallory’s hopes and fears about ascending Everest.
Loud boom in Hamilton caused by propane tank, police say
A loud explosion was heard across Hamilton on Friday after a propane tank was accidentally destroyed and detonated at a local scrap metal yard, police say.