The report includes 6 recommendations.
It is likely that the October 2021 cyber attack on health care could have affected everyone in this province. The Office of the Information and Privacy Commissioner (OIPC) released its report today. It said “the attack was by far the largest of its kind ever experienced in this province, and one of the largest in Canadian history to date, in terms of the number of people whose information was stolen, and the impact that it had across the health system.” Although Western Health was not identified as an impacted authority with notices being sent out to patients, it stated, “it is likely that the vast majority of the population of the province had some amount of personal information or personal health information taken by the cyber attackers, although the specific number may never be known.” It also said the information that was taken was highly sensitive and deserved the highest degree of protection, an attack like this was foreseeable, and the health authorities did not have adequate cyber security in place. Since the attack, added security measures have been put in place. The report highlights 6 recommendations, saying it took too long to inform people of the attack and the public was not notified sooner that it was a ransomware cyber attack. Also, notifications about the attack should have included more detail, namely that it was a cyber attack and personal information had been accessed.