Secure your small business:
Apps → Data →

Canadian Nurses Association confirms data theft after group dumps stolen info

September, 2023
Quick definition  ⓘ
Why it matters: This breach matters because it underscores the persistent threat of cyberattacks on critical healthcare organizations and the potential consequences for patient data and privacy.
Number of data records exposed by cybersecurity breaches in 2021.

Key Points

    The Canadian Nurses Association (CNA), representing nearly half a million nurses, confirmed a data breach earlier this year after two hacker groups claimed responsibility. While the breach did not disrupt operations, sensitive data was stolen. The Snatch group subsequently leaked 37 GB of data, raising concerns about the extent of the breach and potential implications for CNA members.
© Leowolfert |

Quick Read

The Canadian Nurses Association (CNA), a vital organization representing nearly half a million nurses across Canada, is grappling with a recent data breach, confirming that sensitive data was stolen by hackers earlier this year. While the breach did not disrupt daily operations, it has raised significant concerns about data security and privacy within the healthcare sector.

The CNA experienced a security incident on April 3, leading to an immediate investigation and the engagement of third-party experts to address the situation. As a precaution, the association notified law enforcement authorities. The breach was attributed to two separate ransomware groups, Snatch and Nokoyawa, both of which claimed responsibility for the attack back in May.

On September 1, the Snatch group, which subsequently shifted its focus exclusively to data exfiltration and extortion without ransomware, released 37 GB of data stolen from the CNA. This data breach raises questions about the scope of information exposed and the potential implications for CNA members.

The situation has become more complex due to conflicting information about the identity and operations of the hacker groups. A Telegram channel with the same name as the Snatch group was created in July, causing confusion. In an interview, the group claimed it did not use ransomware during the attack on CNA, and it offered conflicting answers regarding its connection to the long-running ransomware group.

The situation became murkier as the group later asserted its distinctiveness from the ransomware gang of the same name. However, noted that both groups used the same URL for their leak sites, raising doubts about the differentiation.

This breach has broader implications for the healthcare sector, particularly in a time when the protection of patient data and privacy is paramount. The security of healthcare organizations, including nursing associations, is a critical concern as they hold sensitive medical records and personal information.

Meanwhile, the Snatch group has been actively asserting its involvement in a high-profile attack on South Africa's defense department. The hackers claimed to have stolen 1.6 terabytes of data during a six-month infiltration of the department's systems, causing significant concern about national security. South African authorities initially denied the attack, asserting that the breach was the work of cybercriminals within the cyberspace, rather than a direct intrusion. Nevertheless, several South African news outlets confirmed the legitimacy of at least some of the data leaked by Snatch.

This incident underscores the persistent threat of cyberattacks on critical healthcare and government organizations and serves as a reminder of the ongoing need for robust cybersecurity measures to safeguard sensitive data and patient privacy. It also highlights the complexities and challenges in identifying and responding to cyber threats, especially when dealing with increasingly sophisticated hacker groups.

Further Reading

—Jess Hofmann

Need Data Breach solutions?
We can help!

Plurilock offers a full line of industry-leading cybersecurity, technology, and services solutions for business and government.

Talk to us today.


Thanks for reaching out! A Plurilock representative will contact you shortly.

What Plurilock Offers
SSO, CASB, and DLP with Real-Time Passive Authentication

More to Know

Quick Definition

A Data Breach is a situation in which information security has failed, enabling sensitive data of any kind to be accessed by unauthorized individuals despite whatever protections were in place. Data breaches have become a particular concern in recent years because such stolen data is often subsequently distributed widely, in particular on the dark web, where it is often aggregated and sold for illicit activity, identity theft, or further cyberattacks of various kinds.

Subscribe to the newsletter for Plurilock and cybersecurity news, articles, and updates.

You're on the list! Keep an eye out for news from Plurilock.