Hackers Reportedly Steal, Ransom Data Of More Than 80,000 Home Care Patients

In a bizarre and developing story, as many as 80,000 patients in Canada may have had detailed medical, financial and personal records stolen by a hacker group after it infiltrated the computer systems of home care services provider CarePartners.

Ontario-based CarePartners, which has provided government-sponsored personal, rehabilitation and nursing care services to hundreds of thousands of patients over the years, announced the breach in June. At the time, the home care provider and cyberattack victim claimed “sophisticated actors” had “inappropriately” gained access to and held information pertaining to the personal health and finances of its patients and employees.

To determine the full extent of the breach, CarePartners announced it had retained the services of cybersecurity firm Herjavec Group.

Now, about a month after the initial cyberattack, CBC News is uncovering additional details—with the help of the hackers.

According to a CBC News report, a group claiming responsibility for the breach reached out to the news outlet and provided a sample of the data it had allegedly accessed.

The sampled data reportedly included thousands of patient medical records with phone numbers, addresses, dates of birth and health care numbers. The data included extensive medical histories, CBC News reported, complete with information on conditions, diagnoses, surgical procedures, care plans and medications prescribed.

The sampled data also reportedly shows that more than 140 active patient credit card numbers, expiration dates and security codes had been stolen.

Overall, the data appears to contain names and contact information for more than 80,000 patients in total, according to CBC News, though the hacker group says the breach was actually far larger in scope.

“This data breach affects hundreds of thousands of Canadians and was completely avoidable,” the group told CBC News. “None of the data we have was encrypted.”

The news outlet contacted 10 patients whose records were included in the provided sample and confirmed that they had been patients of CarePartners. All 10 patients said they had not been directly notified by the home care provider and were unaware there had even been a breach.

“We are concerned that the cyber-attackers may be using the CBC to further their own extortion agenda,” CarePartners said in a statement published by CBC News in its report. “It is a common strategy of cyber-attackers to contact media in an effort to embarrass and shame their victims.”

Besides stealing patient data, the hacker group says it is holding the stolen information for ransom.

“We requested compensation in exchange for telling them how to fix their security issues and for us to not leak data online,” it said.

The cyberattack is being investigated by the Office of the Information and Privacy Commissioner of Ontario.

The CarePartners hack is not the first time in-home care providers have had their networks compromised.

In 2015, Amedisys, Inc. (Nasdaq: AMED) notified state and federal agencies—as well as 6,909 individuals—that personal information was possibly subject to a data breach. The incident was linked to missing encrypted computers and laptops belonging to former employees.

Cybersecurity attacks and health plans

U.S. health plans have reported 24 breaches so far in 2018, compared to 15 during the same period in 2017, representing a 60% increase in the number of entities impacted, according to Fortified Health Security’s 2018 Mid-Year Report.

The total number of patients impacted by those breaches increased by more than 1,000%. Of the health plans impacted by a breach thus far in 2018, 38% were either state or city-affiliated health plans.

The 24 identified breaches have affected more than 884,000 individuals.

Fortified Health is a Tennessee-based cybersecurity firm.

Written by Robert Holly

Photo Credit:

Robert Holly on EmailRobert Holly on LinkedinRobert Holly on Twitter
Robert Holly
When Robert's not covering the latest in home health care news, you can likely find him rooting for the White Sox or roaming his neighborhood streets playing Pokemon Go. Before joining HHCN, Robert covered everything from big agribusiness to the hottest tech startups. 



By continuing to use the site, you agree to the use of cookies. More Information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this. For more information, see our cookie policy