Cyber Incident Victim: St. Amant Centre
Date:
Aug 2022
Location:
Canada
Summary
The St. Amant Centre, a Winnipeg not-for-profit supporting individuals with intellectual disabilities, experienced a data breach following an attempted ransomware attack on its computer network. The organization confirmed the incident, which compromised its systems but did not disclose specific details regarding the extent of data exposure or operational disruptions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 23, 2022, the St. Amant Centre, a Winnipeg-based not-for-profit organization providing support to individuals with intellectual disabilities, experienced a cybersecurity incident involving unauthorized access to its computer network. The breach was publicly characterized by the organization as an attempted ransomware attack, though no specific threat actor group or attack vector was identified in available disclosures. St. Amant confirmed the intrusion occurred on the same date it was detected, indicating potential prompt identification of malicious activity. The organization issued an official statement acknowledging the compromise but did not disclose whether the attackers successfully deployed ransomware payloads, encrypted systems, or established persistent access prior to containment efforts. No details were provided regarding initial attack vectors, such as phishing attempts, exploited vulnerabilities, or compromised credentials that might have facilitated network access.
The incident prompted St. Amant to publicly disclose the breach through a formal release, though the notification did not specify whether patient data, employee records, or operational systems were accessed or exfiltrated during the intrusion. As a healthcare-adjacent organization handling sensitive personal health information, the breach raised concerns about potential exposure of confidential client records, though no evidence of actual data compromise was confirmed in available reports. The attempted ransomware designation suggests attackers sought to extort the organization but leaves unresolved whether encryption was partially deployed, blocked by defenses, or abandoned during the attack lifecycle. St. Amant did not disclose whether ransom demands were received, negotiated, or paid, nor did it describe technical containment measures such as network segmentation, system isolation, or forensic investigations conducted post-incident. The public disclosure emphasized the attempted nature of the attack without clarifying operational disruptions, recovery timelines, or secondary impacts on service delivery to vulnerable populations.