(file photo/CKOM News Staff)

By CKOM News Staff

No guarantee of privacy breach in year-old eHealth malware attack

Dec 22, 2020 | 1:34 PM

A year after a malware attack shut down the province’s eHealth branch, the province is warning residents that private health information may have been breached.

eHealth is the company that manages electronic records for the Saskatchewan Health Authority. On Jan. 6, the province revealed that a malware attack, in which internet-based thieves gain access to a network to exploit its data, had been levelled against the service. It would eventually emerge that the attack had been on-going for more than two weeks, with the perpetrators holding certain data ransom and demanding money to undo the damage.

The government quickly started what it calls a “months-long forensic investigation.” That work failed to confirm what eHealth had initially claimed: that no personal information or personal health information was breached.

“While the forensic investigation rendered no evidence that personal health information was compromised, the investigation was unable to rule out a breach of personal health information,” states a media release issued Tuesday. ” The inability to absolutely verify that no privacy breach occurred is leading to public notification of a potential privacy breach involving personal information or personal health information.”

The investigation revealed that some eHealth files were “sent to a suspicious IP address.” They were encrypted, but there is no way to know what information made its way into the hands of the attackers.

GST Holiday

Federal government's two-month GST holiday begins

14h ago

Imminent need

Council set to discuss possible location for homeless shelter on 15th Street

20h ago

International Spotlight

P.A.'s Howe one of 4 Sask. born players named to Canada's World Junior roster

Dec 13, 2024

The initial breach was the result of a “health care sector” employee opening a suspicious email attachment, opening the door to the malware. The media release notes that extensive training and security network upgrades have been put in place since then, and continuous scans of the internet have shown no evidence that any Saskatchewan files have been obtained by “improper hands.”

The release notes that the Office of the Saskatchewan Information and Privacy Commissioner will be issuing a report on the malware attack and the province’s response in the future.

Anyone concerned about privacy and protection of their health information can contact the privacy commissioner’s office at 1-877-748-2298 or by email at webmaster@oipc.sk.ca