[BreachExchange] Telus Health's Medisys pays ransom to data hacker

[Destry Winant]

https://www.toronto.com/news-story/10213137-telus-health-s-medisys-pays-ransom-to-data-hacker/

TORONTO — The Medisys Health Group and its affiliate Copeman
Healthcare say they payed an unspecified ransom to retrieve personal
information for about 60,000 clients after detecting a security breach
on Aug. 31.

An email from Medisys head office in Montreal says privacy officials
were notified Sept. 4, four days after the breach was discovered, and
began notifying customers last week.

They say hackers got demographic information, such as ages and
addresses, and some personal health numbers but no financial
information or Social Insurance Numbers..

In some cases, test results, consultation reports and prescription
information was obtained but recovered after a ransom was paid..

Medisys and Copeman's websites -- which note they belong to Telus --
say their security consultants paid the ransom and confirmed the
hackers didn't tamper with the data.

However, cybersecurity experts say there's a black market for personal
information that can be bought, sold and traded by criminal
organizations.

The companies are offering affected clients five years of free
identity theft protection from a commercial provider -- a common
response when businesses are hacked..

"We apologize for any inconvenience and we want to assure our clients
that we do not believe there is cause for concern." a website notice
says.

An email from B.C.'s privacy commissioner confirmed that it's
investigating but unable to offer further comment.

Statements weren't immediately available from the federal or Ontario
privacy commissioners.

This report by The Canadian Press was first published Sept. 30, 2020.