Cyber Incident Victim: North Okanagan Pediatric Clinic

The North Okanagan Pediatric Clinic experienced a remote hacking attempt in late May 2020, compromising its local systems. While patient medical charts and records maintained solely in paper form remained unaffected, historical patient profile information stored digitally was potentially accessible during the breach. According to Dr. Michael Cooke, the compromised data included scheduling and billing details such as demographic information, personal health numbers, and billing codes for past patients. The attacker’s primary objective appeared to be encrypting system files for ransom rather than exfiltrating patient data, with no evidence confirming actual access to or theft of sensitive health information. Despite this uncertainty, the clinic acknowledged the theoretical risk posed by the intrusion due to the highly sensitive nature of the data involved.

In response, the clinic proactively notified all current and former patients of the potential privacy breach, prioritizing direct outreach to current patients. It also reported the incident to the RCMP and the Office of the Information and Privacy Commissioner of British Columbia. Affected individuals were advised to contact their financial institutions to flag accounts for potential fraudulent activity and to request free credit reports from Canada’s major credit bureaus. The clinic provided its contact number (250-558-5506) and the Privacy Commissioner’s office number (250-387-5629) for further inquiries. The breach occurred at the clinic’s location within the North Okanagan Neurological Association child development centre, though operational disruptions were not detailed. No additional technical specifics regarding the attack vector, containment measures, or system restoration were disclosed in the public advisory.