Cyber Incident Victim: Medisys Health Group

On August 31, 2020, Medisys Health Group and its affiliate Copeman Healthcare detected a security breach involving unauthorized access to client data. The Montreal-based medical service providers, operating under Telus Health, determined that approximately 60,000 client files containing personal information had been compromised. The organizations opted to pay an unspecified ransom amount to retrieve the accessed data, though the exact nature of the attackers' demands and payment terms were not disclosed publicly. Internal privacy officials at Medisys were formally notified of the breach on September 4, four days after its initial discovery. The companies initiated customer notifications the following week, though the specific communication methods and timelines for individual notifications were not detailed in available reports. No technical specifics regarding the attack vector, duration of unauthorized access, or data encryption status were confirmed in public statements.

The incident impacted clients across both Medisys Health Group and Copeman Healthcare, though the distribution of affected individuals between the two entities remained unspecified. The compromised files contained personal information, but the precise data elements exposed—such as medical records, financial details, or identification documents—were not enumerated in disclosed information. The breach prompted operational responses including engagement with privacy authorities and implementation of undisclosed remediation measures. No information was released regarding whether law enforcement agencies were involved in the investigation or whether third-party cybersecurity firms assisted in the response. Customer notifications continued after the initial disclosure period, though the total timeframe for completing all client communications and any subsequent regulatory filings were not publicly documented.