​2020 News Releases

Update on eHealth Cyberattack and Potential Privacy Breach

In consultation with the Office of the Saskatchewan Information and Privacy Commissioner, eHealth Saskatchewan (eHS), the Saskatchewan Health Authority (SHA) and the Saskatchewan Ministry of Health are providing an update on the eHealth malware attack reported in January 2020 and advising Saskatchewan residents that a privacy breach of personal health information may have occurred as a result of the malware attack.

eHS, SHA and Ministry of Health take the safeguarding and protection of personal health information very seriously and immediately launched a months-long forensic investigation following the ransomware attack. Following the forensic investigation, eHealth advises that a breach of personal health information has potentially occurred. The breach impacted information on systems administered by eHS for the SHA and Ministry of Health.

While the forensic investigation rendered no evidence that personal health information was compromised, the investigation was unable to rule out a breach of personal health information. The inability to absolutely verify that no privacy breach occurred is leading to public notification of a potential privacy breach involving personal information or personal health information.

Upon discovery of the malware attack, eHealth Saskatchewan managed to contain and eliminate the malware and restore compromised files. However, the conclusion of a likely privacy breach follows findings in the forensic investigation that some files were sent to a suspicious IP address. Those files had been encrypted during the attack, and were restored from back-ups. Therefore, it is impossible to say with any accuracy precisely what information from the larger group of files was sent to the IP address.

eHS continues to monitor and scan the internet for any signs that Saskatchewan files have found their way into improper hands.  The latest six-week scan was completed in November and to date there continues to be no evidence to show this has happened.

The ransomware attack occurred after an employee in the health care sector opened a suspicious attachment in an email and malware was spread throughout Saskatchewan's IT system. This points to the limitations of cyber-security measures and the need for everyone to be extremely cautious about opening email attachments. This is particularly important at a government workplace, where sensitive information is held.

Since the malware attack eHS, SHA and Ministry of Health have intensified training for employees on the dangers of opening email with suspicious attachments. eHealth is also continuously making security upgrades to its IT network to strengthen the security environment.

All active SHA staff are required to take mandatory privacy training every three years or as directed. The SHA also has standard privacy and confidentiality policies, including requirements for staff to sign confidentiality agreements to help protect personal health information.

Since the malware attack eHS, SHA and the Ministry of Health have intensified training for employees on the dangers of opening email with suspicious attachments. eHS is also continuously making security upgrades to its IT network to strengthen the security environment. eHS has also recently procured a new program for providing IT security education to health system physicians and staff that will strengthen knowledge among health care workers about the steps they can take to better protect personal health information from malicious cyber-attacks.

The OIPC has advised eHS, SHA and the Ministry of Health that the malware attack and subsequent response are a topic of a forthcoming investigation report by the OIPC. eHS, SHA and the Ministry of Health await the final findings and recommendations of the OIPC to inform further action that will be taken to address the breach and protect the personal health information of Saskatchewan residents.

This ransomware attack can serve as a reminder to health system employees and every Saskatchewan resident to take these basic steps and protect their information:

  • Monitor all accounts and report suspicious activity immediately;
  • Update all security software and operating systems regularly since these update will include security patches and updated virus definitions, and;
  • Use complex passwords and different passwords for all accounts.

If you do suspect a breach of your personal health information, you can contact SHA's Privacy Office at privacy@saskhealthauthority.ca.

Anyone with a concern about privacy and protection of their personal health information can contact the Office of the Information and Privacy Commissioner:

For more information, contact:

Saskatchewan Health
Phone:(306) 787-4083
Email: media@health.gov.sk.ca

Media Relations
Saskatchewan Health Authority

eHealth Saskatchewan
Email: eHS.Communications@eHealthsask.ca

Posted 2020-12-22 11:12:53

Health Card Phone Call Warning - Media Statement

​eHealth Saskatchewan is asking Saskatchewan citizens to be very careful when giving out their health card numbers.

The warning comes after reports of several calls from an individual who says they work for eHealth. The callers say there is a problem with an account, and the health care number is required to fix that problem.

Normally, eHealth responds to concerns or questions from individuals. It does not make cold calls to poeple, asking for their health card number. 

eHealth CEO Jim Hornell says health card numbers are part of your digital identity and should be protected. 

"They're like a social insurance number," Hornell said. "You should be certain the person getting this information is legitimate."

If you think you have received one of these suspicious calls, please contact eHealth Saskatchewan at: 1-800-667-7551.

Posted 2020-11-22 22:00:31

Ransomware Update

​eHealth recently discovered that files from some of its servers had been sent to a number of suspicious IP address.  This came to light as part of normal and ongoing forensic analysis, started in the wake of the January 5th 2020 ransomware attack.

That analysis continues. 

The files exchanged were encrypted and password protected by the attacker, making it difficult to determine the exact content of those files.  Officials with the Ministry of Health and Saskatchewan's Information and Privacy Commissioner have been informed.

What we're doing:

  • All files have been restored through back-ups;
  • eHealth will continue its security analysis to determine if any further breaches have occurred;
  • eHealth has retained a specialized security firm tasked with scouring the internet for any signs that confidential information has been compromised;
  • Should it be determined that personal health information has left the organization, the public will be advised.

Until this discovery, eHealth had no evidence that any information had left its control during the ransomware event. Our on-going forensic and restoration efforts brought this new information to light.

We apologize for any concern this has caused to our customers and the people of Saskatchewan.

eHealth will continue to provide updates, should new information be discovered.

Posted 2020-02-07 08:46:11