TORONTO — A Toronto hospital network says about 150 patients have been affected by a data breach in which their medical records were allegedly used in an extortion attempt involving a third-party provider.
Unity Health Toronto said the incident involved a former employee with Nuance Communications, a company that transcribes clinical notes dictated by doctors at St. Michael’s Hospital.
The hospital network said it learned of the matter in May and notified patients last week.
“We take this matter seriously and have notified all impacted patients,” Unity Health Toronto said in a statement. “We apologize for any distress this may cause to the roughly 150 patients affected.”
The worker with Nuance Communications allegedly held on to patient records after leaving the company, Unity Health said.
In March, that person then allegedly attempted to use the records to get Nuance to pay him money, the health network said.
The records contained patient names, medical history, diagnoses and treatments, according to the network. It noted that no financial or health insurance information was included.
Nuance reported the incident to police and officers seized a computer believed to contain the patient information, the network said.
A court injunction was also issued to prevent the former employee from further accessing or sharing any information from the patient reports, the health network said.
Unity Health added that Nuance Communications had said it took steps to improve their information security practices.
St. Michael’s Hospital said it was conducting its own investigation and had reported the matter to Ontario’s privacy commissioner. It also said it was working with Nuance Communications.
Nuance Communications did not immediately respond to a request for comment.
This report by The Canadian Press was first published Oct. 8, 2020.
This story was produced with the financial assistance of the Facebook and Canadian Press News Fellowship.
Denise Paglinawan, The Canadian Press