Cybersecurity incident FAQs – Arnprior Regional Health

Arnprior Regional Health became aware in December 2021 of an unauthorized access to our IT system. Our investigation has confirmed that personal information of some of our patients was accessed. ARH hopes the following FAQs answer some of the most common questions about this incident.

1. What happened?

On December 21, 2021, Arnprior Regional Health learned of unauthorized access to our IT system. Upon discovering the incident, we retained cyber forensic experts to secure our IT environment and conduct a comprehensive investigation.

Our investigation has determined that data connected with Arnprior Regional Health has been taken, including the personal information of some current and former employees and patients.

We wish to assure you that the Electronic Health Record system was not impacted, and that we experienced no disruption to the delivery of healthcare or other services we provide.

2. How did the incident happen?

A third party gained unauthorized access to our IT systems. We are investing in leading edge technologies to protect our systems and data from ever-growing cybersecurity threats.

3. How many people have been affected?

We are not able to share a specific number of people that have been affected. We are in the process of notifying those employees and patients whose personal information may have been impacted.

We wish to reiterate that the Electronic Health Record system was not impacted, and we remain committed to safeguarding the confidential and sensitive information in our records. As an organization we take cyber security very seriously and have numerous measures in place to protect our data. Thankfully, our team noticed unusual activity quickly and acted immediately.

4. If the Electronic Health Record was not impacted, how were patient files included in the breach?

The records impacted by this incident were used for administrative purposes, such as reporting and patient satisfaction surveying, and are not part of the Electronic Health Record database.

5. Are your healthcare services still impacted by this incident? Have your operations returned to normal?

We wish to assure you that we did not experience any disruption in the delivery of healthcare or other services we provide. We are investing in leading edge technologies to protect our systems and data from ever-growing cybersecurity threats.

6. How could you let this happen?

This was a sophisticated attack, similar to countless incidents that are happening across North America. This matter is of the utmost importance to Arnprior Regional Health and has been treated as our highest priority. We regret any inconvenience this may have caused you.

7. What type of information was accessed?

If you received an individual notification by mail or email, the impacted data will be described in that communication. If you have only heard about this incident and are concerned that you may have been impacted, the Information about the type of personal information that may have been accessed can be found at: https://www.arnpriorregionalhealth.ca/incident/

8. Has the data been misused?

It is important to note that the Electronic Health Record system was not impacted, and we experienced no disruption to the delivery of healthcare or other services we provide. There is no evidence of further misuse of the data, and we have received assurance that the data has been deleted.

9. What can I do to find out if my own data was impacted?

Arnprior Regional Health has set up a dedicated call centre for this incident to answer any questions you might have: 1-833-806-1882

10. What is Arnprior Regional Health doing to prevent this from happening again?

Going forward, we are taking a number of additional measures to strengthen our systems. Working in collaboration with our internal IT team and external IT experts, we are continuing to invest in leading edge technologies to protect our systems and data from ever-growing cybersecurity threats.

11. Do I need to change my Health Card?

In general, it is not necessary to get a new personal health number as the risk to customers is low. In Ontario, protections are available for concerned customers by contacting Service Ontario at 1-800-267-8097.

12. Will my identity be stolen? What can I do to protect myself?

If you are concerned about identity theft, we encourage you to be vigilant and to mitigate any potential harm by taking the following steps to protect yourself:

Change and create strong passwords for any online accounts, in particular those that use or relate to your social insurance number.
Be cautious of any unsolicited communications via any channel (phone call, email, etc.) that ask for your personal information or refer you to a web page asking for personal information.
Avoid clicking on links or downloading attachments from suspicious emails.
Monitor your financial accounts. If you see anything you do not understand or that looks suspicious, or if you suspect that any fraudulent transactions have taken place on a credit or debit card, you should call your bank.
Report an incident to the appropriate authorities if you notice any suspicious activity.

Additional tips and resources for protecting your identity are available at https://www.priv.gc.ca/en/privacy-topics/identities/identity-theft/guide_idt/