Ford government scolded agency over cyber attack. Docs show it knew a month earlier

Senior staff in Ontario's Minister of Health office knew about a cyber attack on a government home care agency vendor more than a month before the public was informed, despite the government publicly criticizing the organization for not acting quickly enough. The government directed the agency to take action after an MPP raised concerns about a cyber attack on a vendor months earlier.

"Our government expects all service providers to uphold the highest standards of patient care, security and confidence," the Ministry of Health stated three months after Ontario Medical Supply experienced a ransomware attack. "This includes taking immediate steps to identify when there has been a cyber breach and to notify the Ministry of Health immediately. The fact that this process was not followed is unacceptable."

However, new documents obtained by Global News indicate the agency informed senior political staff and civil servants within days of confirming patient data was compromised. The ransomware infiltrated Ontario Medical Supply's systems in mid-March, with the attack occurring on April 13. Ontario Medical Supply notified Ontario Health atHome of a system outage the next day. It wasn't until May 21 that the vendor confirmed patient data was impacted.

“

Our government expects all service providers to uphold the highest standards of patient care, security and confidence. This includes taking immediate steps to identify when there has been a cyber breach and to notify the Ministry of Health immediately. The fact that this process was not followed is unacceptable.

Records suggest this information was rapidly shared with political staff and civil servants. A calendar invitation on May 23 was sent to six senior staff in Health Minister Sylvia Jones' office for a briefing on the "OMS system outage." The meeting, held on May 30, included Jones' chief of staff and the deputy minister.

"It’s astonishing to think that they were aware personal health information for hundreds of thousands of Ontario patients may have been compromised and they sat on that," said Ontario Liberal MPP Adil Shamji. "A government cannot lead, they cannot earn trust, they cannot solve problems if it is constantly running from the truth. The minister of health, Sylvia Jones, has always insisted she acted as soon as she knew. We now have incontrovertible evidence that the Ministry of Health actually did know." The Ministry of Health did not directly address questions about why patients were not immediately informed. A spokesperson provided a statement detailing the sequence of events after Ontario Health at Home was notified by OMS.

“

It’s astonishing to think that they were aware personal health information for hundreds of thousands of Ontario patients may have been compromised and they sat on that. A government cannot lead, they cannot earn trust, they cannot solve problems if it is constantly running from the truth. The minister of health, Sylvia Jones, has always insisted she acted as soon as she knew. We now have incontrovertible evidence that the Ministry of Health actually did know.