On November 25, 2021, Headwaters discovered that our information technology (IT) system had been subjected to unauthorized access by cyber criminals. Our IT team took immediate preventative action by shutting down the internal system and access to the internet and our external partners. We immediately regained cybersecurity to support our investigation while simultaneously working with our IT staff to restore the system.
Through the course of the incident, the investigation and the restoration of the IT system, surgeries and outpatient services continued, and the Emergency Department remained open.
On December 8, 2021, the system was fully restored. We continued our investigation into what happened and what sensitive data was exposed. This involved a great deal of analysis supported by outside experts, and due to the complexity of this work, it took a significant amount of time to complete.
At this time, we can confirm that those who were impacted will be individually notified and provided with further information. We have no reason to believe that the data has been misused.
We have always worked hard to secure our patient and staff data. Following the incident, we implemented various additional controls such as multifactor authentication to all external connections to the network, procured a KnowBe4 phishing simulation tool, implemented a behaviour-based endpoint detection and response tool and hardened our firewall rules, among other actions.
We deeply regret that this has happened and provide assurance of our continued commitment to quality service and protection of the privacy and protection of our patients and staff.
Please refer to our Frequently Asked Questions for more information