Skip to main content

Several Cornwall, Ont. hospital patient files corrupted in cyberattack

The Cornwall Community Hospital says several patient files were corrupted by a recent cyberattack but it has found no proof that any affected data has been misused.

The hospital first announced in April it was the target of a "cyber incident" that caused delays for scheduled and non-urgent care.

In an update Wednesday, the hospital says its investigation into the incident is concluding.

"Out of an abundance of caution, we want to make our community aware that many of CCH's files and records became corrupted, including some containing patient records, and several systems were left inoperable," a statement on the hospital's website says. "However, please be assured that CCH continues to closely monitor the situation and has not detected any malicious use of data. More importantly, CCH's Electronic Health Record System was not impacted."

The hospital says the corrupted records might contain some elements of patient data, including health card numbers, demographic information like birthdays, gender, and addresses, and other data.

Long-time patients of the hospital dating back to the 1950s should only have their health card and demographic data affected, but the discharge summaries, consultation notes and dietary information of patients who visited between May 8, 2020 and April 11, 2023 might also have been corrupted.

The hospital says that despite the data corruption, the original form of this information remains intact in its Electronic Health Record, which was unaffected by the breach.

The records of clients of one of CCH’s Addiction and Mental Health Community Programs who visited between 2017 and April 11, 2023 have been destroyed and are now inaccessible.

The hospital says although there is no evidence any patient data has been used maliciously, it is encouraging patients to be vigilant and monitor accounts for any signs of fraudulent activity. The Information and Privacy Commissioner of Ontario has been notified of the incident and the hospital says it has strengthened its networks.

"CCH will not contact you by email requesting you to provide or verify sensitive personal information," the hospital reminds patients. "When in doubt or if you have any concerns about the validity of any emails CCH sends, please contact us." Top Stories

Stay Connected