Skip to main content

Personal data of employees stolen during Toronto hospital cyberattack

Personal information of employees and clinicians were stolen during an October cyberattack at Michael Garron Hospital, officials confirmed this week.

In a statement posted to its website, the hospital in Toronto’s east end said the stolen data includes home addresses, social insurance numbers, and earning information for employees and clinicians employed from January 2015 to November 2023.

Bank account numbers for hospital employees were also breached.

“Given the nature of the information exposed, we will be providing all affected MGH employees and credentialed clinicians with a free, two-year credit monitoring service – a service that allows one to check for signs of identity fraud so protective action can be taken,” officials said in a statement.

It’s not exactly clear when this data breach occurred, but officials first notified the public on Oct. 26.

At the time, the hospital said it had initiated a Code Grey – a term which generally is used when there is a loss of key infrastructure at a hospital – in order to “facilitate the coordination of resources and business continuity.”

In its latest update, Michael Garron Hospital said that a “cyber threat actor group” perpetrated the breach, and that after receiving advice and council from third-party experts, they decided not to pay the ransom being asked of them.

“We know that some patients and donors are also affected by the incident, though it will take us time to analyze data to determine who is affected and how. We will continue to be transparent and will notify those affected as appropriate,” they said.

Five other Ontario hospitals were targeted in a ransomware attack in early November.

It’s unclear what data was stolen but officials did say that information from those hospitals were posted online, and could include some patient, employee and professional staff data had been compromised.

Michael Garron Hospital has previously said there is no known connection between the cyber attack at its facility and the five others. Top Stories

Stay Connected