Cyber Incident Victim: eHealth Saskatchewan
Date: Dec 2019
Location: Canada
Summary
A ransomware attack compromised eHealth Saskatchewan's systems: threat actors infiltrated the network, remained undetected for an extended period, and exfiltrated highly sensitive health and personal information. The intrusion culminated in an extortion attempt, and months after discovery the organization was still unable to determine which specific data had been accessed, who the perpetrators were, or how the stolen information was subsequently used. This unresolved breach posed significant risks to affected health card holders because of the potential misuse of their confidential records.
Description
The ransomware attack on eHealth Saskatchewan began on December 20, 2019, when malicious actors infiltrated the provincial health agency's computer systems. The intrusion remained undetected for seventeen days as the malware propagated through the network. During this period, attackers exfiltrated highly sensitive personal and health information belonging to Saskatchewan residents. The unauthorized access continued until January 6, 2020, when the cybercriminals initiated their ransom demands by activating the ransomware payload. eHealth Saskatchewan discovered the breach at this stage through the attackers' extortion attempt rather than through internal security detection mechanisms. The compromised data included government-collected health records and personally identifiable information tied to provincial health cards.

Five months after containment efforts began, eHealth Saskatchewan publicly acknowledged critical gaps in their understanding of the incident's scope. Officials confirmed they had not determined precisely which datasets were accessed or stolen during the exfiltration period. The agency could not identify the perpetrators, establish the location of stolen data, or verify how compromised information was being exploited. This lack of forensic clarity persisted despite ongoing investigations into the seventeen-day network intrusion. The uncertainty surrounding the breach's specifics created significant risks for affected health card holders, leaving them vulnerable to potential identity theft and medical fraud without clear mitigation pathways. The incident represented a systemic failure in both intrusion detection and post-breach analysis capabilities within the provincial health infrastructure.
