Sunday, September 26, 2021

National mental health and addiction treatment chain acknowledges data theft: CTV

The national healthcare chain whose data is being sold on the Marketo criminal marketplace, as first reported on IT World Canada, has now been identified by CTV News.

On Tuesday the broadcaster said Homewood Health Inc., which runs a number of mental health and addiction treatment clinics and residences in Ontario, British Columbia, Alberta and the Maritimes, as the institution whose data was being sold following a hack.

IT World Canada was tipped off that stolen documents were up for sale on the marketplace on July 19th by a researcher from a cybersecurity firm, and was shown copies of some of the documents posted on Marketo as proof of the theft of data. They appeared to be agreements between Homewood Health and the University of Lethbridge as well as a list of persons with a provincial workers’ compensation board.

When asked for comment by IT World Canada, a Homewood Health lawyer replied in an email marked ‘Confidential.’ Without official confirmation at that point the company wasn’t named when we described the data sale in general on July 21st.

Homewood Health, headquartered in Guelph, Ont., was founded 130 years ago. It says it has a network of over 4,500 employees and contracted clinical experts for medical treatment of mental health and addiction disorders. Programs offered include organizational wellness, employee and family assistance programs, assessments, outpatient and inpatient treatment, recovery management, return to work and family support services.

UPDATE: According to Databreaches.net, Homewood Health also has corporate and individuals clients in the U.S.

The teaser notice on the Marketo site advertising the Homewood Health data for sale says it includes finances, agreements, amendments, accruals, projects and databases.

In a statement to CTV, the treatment company said, “To date, neither Homewood Health nor its third-party cybersecurity experts have been able to find any evidence of any unauthorized access to any of Homewood Health’s client application systems.”

The statement blamed the breach on a group called Halfnium which has been exploiting vulnerabilities in Microsoft’s Exchange email server.

According to CTV News, among the victims of the data breach are BC Housing, a provincial Crown corporation that develops subsidized housing; TransLink, a Vancouver-area transportation authority; and the B.C. Provincial Health Services Authority.

Homewood Health told CTV the hackers had tried to extort the company over the copied information. CTV said it interviewed someone from Marketo who said, “We do not have the intention to harm customers or clients of this company. If the company understands and is willing to accept responsibility for the leak, there will be no publication. Otherwise, we are not responsible for the safety of this data.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News