A medical provides vendor, contracted by Ontario’s taxpayer-funded dwelling care company, paid out a ransom demand final 12 months, after its techniques had been accessed and information belonging to as many as 200,000 sufferers was locked, in response to an Ontario authorities company report.
In April 2025, servers belonging to Ontario Medical Provide — which works with Crown company Ontario Well being atHome to ship tools to homecare sufferers — had been locked after a ransomware assault.
A ransomware assault typically takes place when a malicious actor enters a system, stealing its information and locking them. A ransom is then demanded for the corporate to get entry to their information once more.
Whereas the Ministry of Well being initially mentioned no ransom had been demanded from or paid by both the federal government or Ontario Well being atHome, inner authorities paperwork reveal the total image.
Emails and different information obtained by International Information utilizing freedom of knowledge regulation point out {that a} ransom was paid — probably by the seller, OMS.
The revelation seems in a report submitted by Ontario Well being atHome to the Info and Privateness Commissioner in late Might 2025, with particulars of the ransomware assault together with affirmation that cash was paid to the attackers to regain entry.
Get weekly well being information
Obtain the most recent medical information and well being data delivered to you each Sunday.
“Different servers had been unencrypted with the important thing supplied upon cost of the ransom,” the report mentioned.
International Information tried to contact OMS by cellphone and e mail, however didn’t obtain a response forward of publication.
“We have now decided {that a} restricted quantity of incomplete information was exfiltrated throughout the incident … there is no such thing as a proof that any private monetary data or vital well being information was exfiltrated. There’s additionally no proof that any of the data has been misused,” the corporate mentioned in an announcement on its web site after the assault final 12 months.
“Safeguarding the private well being data entrusted to us is our high precedence, and we’re dedicated to supporting any prospects who’ve issues or might have been affected by this incident.”
Ontario Liberal MPP Adil Shamji has raised issues about whether or not the ransom was paid and if it, even not directly, concerned taxpayer cash.
“This constituted malicious actors with sinister pursuits shaking down our province and our health-care system,” he mentioned. “(It) solely underscores how swiftly the federal government ought to have acted with a view to fulfil their authorized obligation.”
The paperwork present that the ransomware is assumed to have first entered the OMS system round March 17. It was activated on April 13, when the corporate’s servers had been locked.
The report will not be clear when the ransom was mentioned to be paid to unlock the servers, however it took weeks for Ontario Well being atHome and OMS to try to work out what information had been compromised.
By Might 30, Ontario Well being atHome submitted a report back to the province’s privateness watchdog.
“OMS suggested {that a} ransomware variant had been used to infiltrate encrypted servers storing digital medical information,” the report, accessed utilizing freedom of knowledge legal guidelines, defined.
“Initially, OMS reported that no PHI gave the impression to be concerned. Their subsequent investigation, supported by their cybersecurity specialists, decided that there was PHI on the servers and that an ex-filtration of affected person data was discovered.”
The report mentioned that on the time OMS “had not been capable of establish particular sufferers affected” by the breach.
© 2026 International Information, a division of Corus Leisure Inc.
