Cyber Incident Victim: Arnprior Regional Health
Date: Dec 2021
Location: Canada
Summary
A cyberattack compromised the IT system of Arnprior Regional Health, with unauthorized access detected through unusual activity prompting immediate response efforts. The organization confirmed data theft but reported no impact on its Electronic Health Record system or healthcare services, including surgeries, emergency care, and long-term care programs. While the investigation confirmed exfiltrated data was linked to ARH, specific content remained under review, and the institution declined to disclose whether attackers maintained system access, their identities, origins, or any communication attempts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 21, 2021, Arnprior Regional Health (ARH) detected unauthorized access to its IT system after observing unusual activity, prompting immediate action by its technical team. The organization publicly confirmed the cyberattack the same day through a website statement, disclosing that data connected to ARH had been exfiltrated but emphasizing that its Electronic Health Record system remained unaffected. An investigation launched by ARH confirmed the data theft, though the specific contents and scope of the compromised information remained undetermined at the time of the initial announcement. Despite the breach, ARH maintained uninterrupted healthcare services, including scheduled surgeries, community programs, long-term care operations, and 24/7 emergency department access. The organization updated its public statement on December 27, 2021, reiterating these operational assurances while continuing to investigate the nature of the stolen data. No evidence suggested the attack disrupted clinical care delivery systems or critical infrastructure supporting patient services.

ARH did not disclose whether the attackers retained persistent access to its systems following the initial breach detection, nor did it provide details about the threat actors' identities, geographical origins, or methods of intrusion. The organization declined to respond to media inquiries from Metroland, filed after the December statements, regarding potential communication from the attackers or their ongoing access to ARH networks. The absence of confirmed details about the compromised data types left patients and stakeholders without specific guidance about potential personal information exposure risks. Throughout the incident response, ARH maintained public communication solely through its website updates, avoiding direct engagement with press questions about technical aspects of the breach. Healthcare operations continued without modification, as the attack exclusively targeted administrative IT systems rather than clinical care platforms. The investigation remained ongoing as of January 17, 2022, with no further public updates from ARH regarding forensic findings or data recovery efforts.
