Incident Announcement

Frequently Asked Questions (FAQ) 

What happened? 

On March 24, 2025, Brunswick Medical Centre (“Brunswick,” “we”) experienced a cyberattack that impacted some of its IT systems. That same day, we promptly engaged cybersecurity experts to contain the incident and to conduct an investigation, which is still ongoing. We can confirm that an unauthorized actor accessed and took personal information and health information of members of our community from our servers. Our employees and professionals have been directly notified of the incident. We will provide an update as soon as our data analysis allows. 

What about the data in the Electronic Medical Record (EMR)? 

Omnimed, the external platform that stores Electronic Medical Record (EMR) data, was not compromised during the incident. Therefore, the data housed on the platform at the time of the incident was not impacted. 

Did the incident impact patient care? 

Most appointments continued as scheduled, and care was delivered to our patients. However, some appointments in the Endoscopy department had to be temporarily postponed due to the incident. Services in these departments have since resumed, and all appointments will be honored. 

The incident occurred on March 24. Why are you disclosing it now? 

We understand the importance of timely communication. After discovering the cyberattack, our immediate priority was to contain the threat, secure our systems, provide care to our patients, and begin our investigation. Prior to sharing information with the public, it was critical for us to first understand the scope and impact of the incident and to avoid sharing inaccurate information. Now that we have a clearer understanding of what happened and who may have been impacted, we are disclosing the incident to our community and have begun notifying those impacted.  

Have authorities been notified? 

Yes. The Commission d’accès à l’information, Santé Québec, the Ministry of Health and Social Services, the Collège des médecins du Québec, the CIUSSS de l’Ouest-de-l’Île-de-Montréal, and law enforcement have been informed of the incident. 

Who is affected by this incident? 

The personal information of certain members of the Brunswick community—including patients, employees, and physicians—was taken during the attack. Our employees and professionals have been directly notified. Affected patients will be notified as soon as feasible after the data analysis is complete. 

What types of personal information may have been compromised? 

With respect to patients, personal information and personal health information may have been impacted. The analysis of the impact is still ongoing, and the affected patients will be notified as soon as it is complete. Our staff members and the professionals concerned have been notified directly. Other groups of individuals may also have been impacted, and we will ensure they are notified as soon as our analysis allows. 

What is Brunswick doing to address the situation? 

Comprehensive measures have been implemented to contain the incident and to prevent similar incidents from occurring in the future. An investigation is also underway in collaboration with external experts and individuals impacted by the incident will be notified. We have also informed the Commission d’accès à l’information, Santé Québec, the Ministry of Health and Social Services, the Collège des médecins du Québec, the CIUSSS de l’Ouest-de-l’Île-de-Montréal, and law enforcement of the situation. 

Groupe Santé Brunswick