Cyber Incident Victim: Vancouver Coastal Health

On May 21, 2020, Vancouver Coastal Health discovered malicious ransomware within data systems associated with its Employee and Family Assistance Program. The health authority immediately initiated a response by engaging external cybersecurity experts to investigate the scope and nature of the incident. The investigation focused on determining whether unauthorized access or data exfiltration had occurred alongside the ransomware deployment. No specific details were disclosed regarding the ransomware variant, initial attack vector, or duration of unauthorized access prior to detection. Vancouver Coastal Health did not publicly confirm whether the ransomware disrupted operations, affected patient care systems, or encrypted data beyond the identified program. The organization also did not specify whether a ransom demand was received or paid.

Following the investigation, Vancouver Coastal Health publicly stated in July 2020 that it found “no evidence” that data had been stolen during the incident. The health authority did not elaborate on whether data was encrypted, destroyed, or rendered inaccessible by the attack, nor did it disclose remediation costs or operational recovery timelines. No further technical details about containment measures—such as network segmentation, system restoration, or forensic methodologies—were released. The public announcement emphasized the absence of confirmed data theft but did not address potential risks to employee or patient privacy beyond the Employee and Family Assistance Program. Vancouver Coastal Health did not attribute the attack to any specific threat actor or group in its communications.