Ontario Government Knew of Health Agency Cyberattack Before Public Blame

Documents show the Ontario government knew about a ransomware attack on a health vendor a month before it publicly blamed the agency ^[1].

The revelation suggests a gap between the government's internal knowledge and its public messaging during a critical infrastructure breach. This discrepancy raises questions about transparency and the timing of public alerts regarding patient data security.

An Ontario Liberal MPP said the breach targeted a key vendor of Ontario Health atHome [1, 2]. The ransomware attack occurred in 2023 ^[2]. Despite the timing of the breach, the provincial government scolded the agency for a delayed alert ^[1].

Internal records indicate that the government was aware of the cyberattack one month before it shifted blame toward the agency ^[1]. The attack compromised a vendor essential to the operations of Ontario Health atHome, which provides home care services across the province ^[2].

The government's decision to publicly criticize the agency for the delay while possessing prior knowledge of the event has become a point of contention for opposition members. The Liberal MPP said the documents expose a timeline that contradicts the government's public narrative regarding the response to the 2023 incident [1, 2].

Ontario Health atHome relies on third-party vendors for various digital services. When these vendors face ransomware attacks, the potential for data exposure increases, creating a risk for thousands of patients receiving care in their homes ^[2].