The provincial agency overseeing Ontario's home care system was notified of a major data breaches in April, Global News, along with hundreds of thousands of affected patients, was generally notified more than two months ago.
Ontario Health Atome, a crown agency recently created by the Ford government, is under scrutiny after a cyber attack in which one of its vendors was wrapped for months to coordinate resources for home care and palliative patients.
The attack, which is believed to have affected as many as 200,000 patients, took place in March, but was revealed to the public only in late June.
Currently, agency officials have confirmed that they are aware of the cybersecurity incident as early as April 14, but were waiting until the end of May to notify Ontario's Information and Privacy Commissioner, as required by law.
“On April 14, Ontario Health Supply (OMS) notified Ontario Health Supply that it is experiencing a potential cyberattack that it has affected system outages and information systems and operations,” an Ontario Health spokesperson told Global News.
The latest revelation leads to accusations of “deceit” by health agencies, which indirectly reports to Health Minister Sylvia Jones.
The attack happened a few weeks ago
The scope of the March cyberattack remains unknown, but Ontario's healthcare supply claims it is unaware of the incident as its system did not drop until mid-April.
Get weekly health news
Receive the latest medical news and health information provided every Sunday.
Officials with Ontario Health Atome said about April 14 or around April 14, OMS discovered that the system was suffering from some kind of cyber violation, causing an investigation into the situation.
Ontario Health Atom confirmed that OMS finally included patient information such as “name, contact information, medical supplies, or equipment ordered,” over a month later, on May 21.
The agency notified the Ontario Information and Privacy Commissioner on May 30th. A few weeks after being initially told, nine days after the initial violation has occurred.
However, patients and the public were only notified on June 27, when liberal MPP Adil Shamji revealed that a cyberattack had occurred, causing the Ministry of Health to admit that the violation had occurred.
Timeline
March 17: OMS is suffering from cybersecurity incidents on or around this date, according to the Information and Privacy Committee. Pril14: Indicates that the OMS system has failed, a violation has occurred and health in Ontario is notified. Adil Shamji reveals the cyber incident, and the government orders Ontario Health Athome to confirm it and tell patients.
Shamji accused Ontario's health atom of being “incompetent” and “deceived” over the long delay.
“It's incompetent. It's also telling the deception,” he told Global News.
“The fact that Ontario Health Atom knew that the patient's health information had been compromised on April 14th. Still, they waited six weeks before submitting their report to the Information and Privacy Committee.
After Shamji revealed the cyber incident at the end of June, Health Minister Sylvia Jones said he “ordered” Ontario's health and notified that patient data could be affected.
The agency then notified the violation and created a phone number and email address for anyone involved to reach out to.
Shamji said the delay could have been dangerous for patients.
“There's a huge risk,” he said.
“The types of information that we have led to believe include patient diagnosis, address, name, email address information, prescription data, and more.
“All of these can be used to blackmail people and engage in phishing, identity fraud, or identity theft.”
&Copy 2025 Global News, a division of Corus Entertainment Inc.