Stolen Data from Ontario HealthCare Provider being held Ransom

2019, Breaches, February

Who: CarePartners

# of Records: 80,000 Patients

When it occurred: Breach happened in June 2018 — Extortion request February 4, 2019

What Happened: Hackers are attempting to extort the Ontario-based Care Partners provider for about $18,000 (5 bitcoins) to prevent the public release of employee and patient files

How it Happened: In June 2018, CarePartners reported a hack on its computer system, which breached some patient data and employee files. CarePartners has not confirmed the extortion attempt, they did update their privacy breach information page on February 4. All of the documents are revealed are encrypted and the hackers will only release the encryption key for 5 BTC.

Outcome: In response to these attempts and the increase in ransomware and DDoS attacks, the Office for Civil Rights provided guidance in January 2018 to help providers reduce extortion risk. Officials recommended organizations leverage risk analysis and management, as well as employee training and disaster recovery plans.