Updated September 30, 2020
On August 31, 2020, Medisys Health Group detected a security incident that involved the personal information of some of our clients.
We immediately launched a robust investigation with the assistance of internationally-recognized cyber security and forensic experts, while taking steps to secure all systems and prevent additional unauthorized activity. Our investigation revealed that this was a ransomware incident that affected approximately 5 percent of our client profiles.As our primary objective is to protect the privacy of our clients, we worked closely with cyber security experts to securely retrieve the impacted data by making a ransom payment. We have resolved the situation and our systems have been fully restored and are working normally. We apologize for any inconvenience and we want to assure our clients that we do not believe there is cause for concern. We are communicating with all affected individuals directly and are providing them with complimentary security protection services that include identity theft and fraud protection insurance.
Steps we have taken to protect our customers and patients:
The privacy and security of our clients’ data is of paramount importance. We sincerely regret this incident occurred and have taken these active measures to protect your health information:
- We isolated and secured the affected systems immediately;
- We worked with world-class cybersecurity experts to contain the attack and assist with our investigation;
- Engaged experts in cyber-ransom to support us through resolution;
- Securely retrieved the data by making a payment;
- Reported the incident to the RCMP; and
- Notified privacy regulatory authorities
We remain committed to the highest security standards and to continuously improving our systems to ensure that we have taken all reasonable steps to protect the security of our customers’ data from all known threats. We retrieved the data securely, and, in cases like this, cybersecurity experts indicate the risk of disclosure is low.
Our team is reaching out directly to all individuals whose information was affected. We have reached out to affected individuals for whom we have an email address. Those for whom we have no email address should receive a letter by Canada Post within approximately one week.
We have a dedicated toll-free number, 1-833-232-2011, available daily from 9 a.m. to 5 p.m. ET where we can answer your questions. If we can’t answer your questions, we will take your name for a return call with more details.
On August 31, we detected unauthorized activity in Medisys Health Group’s system. Our technical team took swift action to isolate and secure the affected systems and prevent additional unauthorized activity. We identified this as a cyber attack and engaged internationally-recognized cybersecurity experts and relevant authorities to support our investigation.
As our primary objective is to protect the privacy of our clients, in collaboration with cybersecurity experts we retrieved the data by making a ransom payment. We retrieved the data securely, and cybersecurity experts indicate that, in circumstances like these, the risk of disclosure is low.
The privacy and protection of our customers’ information remains our top priority. We deeply regret any concern this issue has caused and we remain focused on supporting our clients.
What information was impacted?
The personal health information that was affected consisted of certain demographic information such as name, address, phone number and email; in some cases it includes birthdate and personal health number and for certain others it includes test and consultation reports and prescription information.
We can assure you that no financial information or Social Insurance Numbers (SIN) were impacted.
If you are one of the affected patients, we will notify you directly about what information was impacted.
Is the issue resolved?
Yes, we have resolved the situation and our systems have been fully restored and are working normally. We apologize for any inconvenience this may have caused.
How do I know if I am affected or not?
If you are a current Medisys patient and are personally impacted, you will have received an email from us or should receive a letter via Canada Post within approximately one week.
Was any information lost?
We are confident that no information was lost. Our systems and databases are fully restored and operating as usual.
Is there a chance my information was altered or tampered with?
We confirmed that the data was not tampered with.
Why did you pay the ransomware?
Our primary objective is to protect the privacy of our clients, and for that reason, we worked in collaboration with cybersecurity experts to retrieve the data securely by making a ransom payment.
Did you have backup files?
Yes, we had backup files that were not affected by the incident and remain fully intact. We have a responsibility to protect all client data, which is why, in spite of having backup files, we securely retrieved and deleted the stolen data to significantly reduce the risk it would be disclosed.
How do you know that the information is not on the internet?
We engaged cyber-security specialists to monitor the Internet and the dark web. To date, there is no evidence that any information has been disclosed. Based on the information we have about this incident, the possibility of disclosure is low.
What are you doing to prevent this from happening in the future?
We deeply regret any concern this issue has caused you. We remain committed to the highest security standards and to continuously improving our systems to ensure that we take all reasonable steps to protect the security of our clients’ information.
Were the virtual care service or EMRs affected?
This incident did not impact the Medisys-on-Demand or our Electronic Medical Records (EMR) systems.
What have you been doing since August 31?
We had three main objectives throughout this investigation:
- 1. Secure the systems to prevent additional unauthorized access
- 2. Retrieve the affected data
- 3. Communicate with affected clients once we had the most complete information possible
While this was a very complex process, we worked quickly to resolve the issue. Our approach included working with internationally-recognized cybersecurity and forensics experts, which took time and effort to ensure we had a complete view of the situation. The privacy and protection of our clients’ information remains our top priority. We remain committed to the highest security standards and are taking all reasonable steps to protect our clients’ information.
Have you told the Privacy Commissioner about this?
Yes, we notified the Privacy Commissioners in the impacted jurisdictions when we first knew that personal information was involved in this incident. We have continued to keep them updated.
For all affected individuals, we are offering a complimentary identity theft protection service for a period of five years. NortonLifeLock™ is the most comprehensive online security package available in the Canadian marketplace today and is delivered and powered by NortonLifeLock™, a global leader in consumer cyber safety.
Do I have to sign up for NortonLifeLock™?
Yes, if you would like to take advantage of this offer, you must go to the Norton norton.com/myoffer in your notification email or letter, create an account and enter your personalized PIN. Follow the step by steps instructions through the NortonLifeLock™ website to complete the activation. The code must be activated by January 21, 2021. Click here for more information.