Isaac Callan and Colin D’Mello report that Ontario’s health minister is ordering atHome, a provincial agency, to immediately notify approximately 200,000 patients whose data may have been breached in a vendor’s cyberattack in March.
There appears to have been a breakdown in what should have happened, as the Health Minister reported that atHome had failed to notify her office about the breach or to inform patients who could be affected. Ontario Premier Ford appeared to suggest his office had not been informed, despite Ontario Health atHome telling the IPC about the breach a month earlier.
From what has been stated publicly, the breach happened in March at a vendor, Ontario Medical Supply. atHome knew by May 30 about the breach and reportedly did notify the province but did not notify any patients. The province did not investigate the incident thoroughly until Ontario Liberal MPP Adil Shamji sent a detailed letter to the province, describing the incident and its chronology, and inquiring why patients had not been notified of the breach earlier.
Read more at MSN.