Marney Carmichael reports on an incident in Ontario, Canada:
Halton region says a privacy breach at Allendale Long-Term Care Home in Milton exposed personal electronic health records from 2005 to this summer.
A cybersecurity incident in June of this year involving third-party software led to unauthorized access of residents’ personal data, including names, health details and health card numbers.
After learning of the potential breach in July and attempting to enhance its procedures the home worked with a security expert in September. Investigations revealed that “all electronic health data from 2005 to July 2024 may have been accessed.”
Read more at CHCH.
The home was originally told no personal information was involved, but learned later that it was.
There is a lot we do not yet know about this incident.
None of the media coverage of this incident has as yet named the type of software or vendor, or whether there was any known vulnerability that had not been patched at the time of the incident. Nor has any media outlet posed a question to the long-term care home as to why so much old data was connected to the internet without encryption.