A major data leak affecting at least 9,000 patients who consulted in Laval in 2022 occurred in recent months, announced the CISSS de Laval on Wednesday afternoon. The data leak allegedly came from a supplier to the CISSS de Laval, Segma Recherche.
The company “provides research and survey services to numerous public and private organizations,” we can read on its website. “Our company was hit by a ransomware attack last August,” confirms the general director of Segma Recherche, Marc Bouchard.
The CISSS de Laval asked Segma Recherche to carry out a survey of its users in order to find out their level of satisfaction with the health services received. A list containing 100,000 names of patients who consulted the CISSS de Laval between 1er July 2022 and December 31, 2022 had been provided to Segma Recherche. These patients consulted emergency rooms, surgery, medical imaging, mental health or an outpatient clinic at the Cité de la santé hospital in Laval during this period. People who received home care or who consulted the René-Laennec Mental Health Outpatient Center, in a CLSC or in a COVID-19 vaccination center in Laval between 1er July 2022 and December 31, 2022 are also covered.
Call for vigilance
The personal information of at least 9,000 patients was found on the “darkweb”, underlines the CISSS de Laval. “Personal information may include first names, last names, telephone numbers, reasons for consultation, services obtained, date of service provision and file number of users affected by this cyberattack,” indicates the CISSS in a press release released on Wednesday.
“As soon as we noticed the breach, we notified the competent authorities,” says Mr. Bouchard. According to him, there is nothing at this stage to “believe that there was any use of the data other than their publication” on the “darkweb”.
The CISSS de Laval specifies that the “security breach” at Segma Recherche has been repaired. But the establishment is launching a “call for vigilance” to its patients. “We are aware that this situation could cause concern and we take the situation very seriously,” says the CISSS de Laval.
At the Ministry of Health and Social Services (MSSS), it is stated that an investigation will be launched on this subject “in conjunction with the Ministry of Cybersecurity and Digital Affairs and the Commission for Access to Information”.