Cyber Incident Victim: Rideau Valley Health Centre

On or around November 14, 2021, Rideau Valley Health Centre experienced a cyber security incident that significantly disrupted its operations. The incident impacted the clinic’s IT systems, including its phone system, impairing normal service delivery. Virtual phone appointments that had been pre-booked were canceled due to the disruption, while patients attempting to contact the clinic experienced delays stemming from higher-than-normal call volumes. Despite these challenges, the clinic indicated that most physicians remained able to attend previously scheduled in-person appointments. Emergency measures were implemented to address patient needs, including direct coordination with local pharmacies to provide emergency prescription supplies upon request. Some patients required redirection to alternative care providers due to the ongoing technical limitations. While the clinic’s initial assessment found no evidence that personal information had been accessed or acquired, it acknowledged that such determinations often evolve as investigations progress. The immediate operational priority centered on restoring system functionality to minimize further care interruptions.

The health center’s response focused on maintaining critical patient services while addressing technical outages. Communications emphasized contingency plans for prescription access and appointment management, reflecting efforts to mitigate disruptions to essential care. Service interruptions persisted due to unresolved system issues, with no public timeline provided for full restoration. The incident’s operational impacts underscored dependencies on IT infrastructure for core functions like appointment scheduling and communication. Investigations into the incident’s origin and scope remained ongoing at the time of reporting, with no attribution or specific threat vector disclosed publicly. Patient care continuity measures remained provisional pending system recovery efforts.