Cyber Incident Victim: eHealth Saskatchewan
Date: Jan 2020
Location: Canada
Summary
Hackers breached the first level of security protecting Saskatchewan’s eHealth records system, resulting in unauthorized access and a partial system lockdown that prevented government administrators from controlling affected components. The attackers issued a ransom demand to restore access, though the specific amount was not disclosed by the organization’s representative. This incident disrupted operational control of critical health information infrastructure.
Description
On or around January 4, 2020, hackers breached the first level of security protecting Saskatchewan’s eHealth records system. The intrusion occurred over a weekend, resulting in unauthorized access that locked the provincial government out of portions of its eHealth infrastructure. Attackers deployed a method that compromised initial security barriers, though specific technical details about the attack vector were not disclosed publicly. eHealth Saskatchewan, the agency responsible for managing provincial digital health records, confirmed the breach through its spokesperson Jim Hornell in statements to CTV News. The attackers issued a ransom demand to restore system access, though the exact financial amount and payment terms remained unspecified. This incident represented a direct operational disruption to eHealth’s services, though the full scope of affected subsystems or data repositories was not detailed in initial reports. No evidence emerged regarding actual exfiltration or manipulation of patient health records during this breach.

eHealth Saskatchewan’s leadership publicly acknowledged the security compromise and ransom demand but did not disclose whether officials engaged in negotiations with the threat actors. The agency’s response focused on confirming the breach’s occurrence rather than detailing containment procedures, system restoration timelines, or potential impacts on healthcare delivery. Jim Hornell’s statements verified the attackers achieved sufficient access to lock administrators out of critical components, indicating a disruption to normal system administration functions. No information was provided about coordination with law enforcement, cybersecurity firms, or other external response partners. The incident highlighted vulnerabilities in the system’s perimeter defenses while leaving broader questions unanswered regarding the duration of the outage, depth of penetration, or potential secondary effects on healthcare providers relying on eHealth infrastructure. Saskatchewan’s health network faced operational uncertainty due to the forced system lockdown, though specific consequences for patient care or data integrity remained unquantified in available reporting.
