Downtown Toronto hospital investigating ‘data security incident’

A major downtown Toronto hospital is investigating what it calls a data security incident.

Michael Garron Hospital, part of a group of healthcare institutions called the Toronto East Health Network, said on its website that it learned of the incident earlier this week.

“We are actively investigating and assessing the impact of the incident with the support of third-party expert,” the statement says.

“At this time there are no known impacts to clinical applications or patient care services.” However, it makes no reference to employee data.

The hospital has set a Code Grey condition — meaning an IT emergency — to facilitate the co-ordination of resources and business continuity. It also also notified its partners, which may include IT providers as well as the province. 

“Out of an abundance of caution our teams are in the process of planning and implementing additional proactive measures to safeguard our data and information systems while the investigation is underway,” the statement says. 

The announcement comes the same week an attack on a shared IT services provider impacted five southern Ontario hospitals. On Thursday, the hospitals posted a notice that there was an IT outage still affecting some services, days after the attack was detected.

Michal Garron Hospital was hit by a ransomware attack in 2019. The attack started in the early hours of Sept. 25  when what it calls a virus was discovered on one of the IT systems.

The hospital has almost 3,000 staff, including more than 530 physicians. In January, it opened a new wing with 215 inpatient beds It also has new mental health facilities for children, youth and adults.

Although some cyber attackers shy away from going after hospitals to keep a low profile, others are happy to hit medical centres because they believe these institutions are more willing to pay to recover stolen or encrypted data. They may hope to get credit and debit card information of patients, although few Canadian hospitals will have that data because of our medicare system.