Telus-owned Medisys Health Group announced on Wednesday it had paid a ransom payment after hackers locked down client data of 60,000 users from its systems.
The company says the “security incident” happened on August 31, 2020, where it saw 5 per cent of its client profiles accessed. Medisys says it worked with “internationally-recognized cyber security and forensic experts,” on the situation, which ultimately resulted in payment made to hackers, “to securely retrieve the impacted data.”
Information affected from clients include name, address, phone number and email, while dates of birth and personal health numbers were also accessed “in some cases.” Others included test and consultation reports, along with prescription info. SIN numbers or financial information were not impacted says Medisys.
Medisys says the situation has been fixed and those affected will be contacted via email, or by letter through Canada Post.
As for why they paid the ransomeware? In a FAQ, the company explained, “our primary objective is to protect the privacy of our clients, and for that reason, we worked in collaboration with cybersecurity experts to retrieve the data securely by making a ransom payment.”
The company says it has cyber-security specialists monitoring the dark web, to ensure the client data is not on the internet. “Based on the information we have about this incident, the possibility of disclosure is low,” says Medisys, which operates medical clinics in B.C. and Alberta.
Medisys says they have alerted Privacy Commissioners on the matter and is currently offering free identify theft protection from NortonLifeLock for five years.
Telus acquired Medisys Health Group Inc. from Persistence Capital Partners back in August 2018, in a $146 million deal.