REGINA — A report from Saskatchewan's privacy commissioner says more than 500,000 files with personal information could have been exposed in a ransomware attack on the province's electronic health information network.
The office started an investigation into the December 2019 cyberattack about a year ago.
It says the attack resulted in one of the largest privacy breaches in Saskatchewan and makes several recommendations to prevent a similar attack.
Commissioner Ron Kruzeniski says eHealth Saskatchewan is responsible for collecting, storing and protecting sensitive health data.
He says everyone has information with eHealth and it's reasonable that each person demand the highest level of security.
Recommendations include eHealth reviewing its security protocols and the health authority and ministry taking steps to improve mass notification systems.
The privacy commissioner's report says personal details and health information in up to 547,145 files were either exposed to the malware or maliciously stolen from eHealth, the Saskatchewan Health Authority and the Ministry of Health.
All three organizations have been asked to work together to provide identity theft protection for a minimum of five years to those affected by the breach.
A statement from Health Minister Paul Merriman said the government is deeply troubled by the findings.
"Saskatchewan people expect their personal health information to be secure and protected," he said Friday. "This expectation was failed when eHealth's systems were breached last December."
Merriman said the government takes the findings and recommendations seriously and will begin working to address them immediately. (CTV Regina, The Canadian Press)
This report by The Canadian Press was first published Jan. 8, 2021.