Canadian healthcare chain Homewood Health has verified reports that its systems have been breached by attackers in early 2021, reported Insurance Business Magazine. The hackers stole and leaked information on the known hacker website Marketo.
The breach was found and reported by a cybersecurity researcher who notified IT World Canada about the attack on July 19. The researcher became aware of the incident when it found documents stolen from the company on Marketo.
A report by DataBreaches revealed that the leaked archive is 183 GB in size, but only a small sample was made available by the hackers.
Information obtained by the researcher was sent to IT World Canada, who said that the documents seemed to be contracted between the national health chain and the University of Lethbridge. The files also include a list of people working for the provincial worker’s compensation board.
While Homewood Health refused to confirm or deny the incident when it was first notified, it, later on, confirmed the hack through CTV News.
A spokesperson stated, “With the assistance of cybersecurity experts, we have been working diligently to understand how the information was obtained and what information has been affected.”
The company also named the Chinese hacker group Hafnium as the perpetrator of the attack that led to the stealing and leaking of its information. However, Marketo representative said that it was responsible for the attack.
Marketo also threatened to sell and leak the data unless the company is “willing to accept the responsibility of the leak.”
However, the company clarified that its client application system remains safe. According to its statement, “To date, neither Homewood Health nor its third-party cybersecurity experts have been able to find any evidence of any unauthorized access to any of Homewood Health’s client application systems.”
Meanwhile, the DataBreaches.net gained access to some of the files on the archive and decided to reveal more about the hack during the time that Homewood Health chose to stay silent about the issue.
In their analysis, it was shown that personal and sensitive information seems to be unencrypted and that full names, dates of birth, phone numbers, and other info can be seen.
An example given is a form filled out by “an employee of Canada post who was seeking counseling for their named child.” The form includes the client’s name, date of birth, organization, contact details, address, and situation.
DataBreaches.net redacted personal details, but without the redaction, malicious parties will be able to see them.