Ontario Medical Supply cybersecurity attack exposes personal data of 200,000 home care patients
Learn More
Ontario Medical Supply (OMS), a vendor servicing Ontario's home care system, is reporting a cybersecurity attack that exposed the personal health information of approximately 200,000 patients across the province.
The cause of this security incident was a cybersecurity attack that initially manifested as a system outage. The attack occurred on or around March 17, 2025. Ontario Medical Supply claims to have been unaware of the incident because the company's system didn't go down until mid-April.
On April 14, Ontario Medical Supply (OMS) notified Ontario Health atHome that it was experiencing system outages and a potential cyberattack impacting their information system and operations
Following an investigation by OMS, they notified Ontario Health atHome that the outage was a cybersecurity attack and health information had been breached.
The compromised personal health information included:
- Patient names
- Contact information (home address and phone number)
- Details of medical supplies or equipment ordered
The attack believed to have affected as many as 200,000 patients. The nature of the attack is not disclosed.
The incident has drawn criticism for the delay in notification. Ontario Health atHome was made aware of a cybersecurity incident as early as April 14, but waited until the end of May to inform Ontario's Information and Privacy Commissioner and until June 27 to tell patients.
CHEO has established dedicated communication channels for affected families, advising that if your child/youth receives home and community care and you have questions related to this breach, you can call us at 613-737-7600 ext. 3646 or email us at privacy@cheo.on.ca
