A health centre serving northern Quebec communities has confirmed that a Nunavik Health Centre cyberattack may have led to the exposure of sensitive clinical and administrative data. The Ungava Tulattavik Health Centre in Kuujjuaq said the incident occurred in November 2025 and remains under active investigation.
In a public statement, the organisation said malicious actors targeted its digital systems, prompting an immediate response from internal teams. Early assessments initially suggested that no sensitive information had been compromised. More recent findings, however, indicate that some files may have been accessed or removed during the intrusion.
The centre described the incident as a major cybersecurity event and said it is being handled as a top operational priority. Reinforced safeguards have since been introduced to strengthen the security of its systems and limit further risk following the Nunavik Health Centre cyberattack.
Possible exposure of clinical and administrative records
According to the health centre, the files potentially involved may contain clinical and administrative information related to certain patients and employees. Officials have not confirmed the exact scope of the data involved, noting that forensic analysis is still underway.
Once suspicious activity was detected, technical teams moved quickly to block the intrusion, close the point of access, and secure the broader network. These actions were aimed at preventing additional data loss and restoring confidence in system integrity.
The health centre acknowledged that incidents of this nature are often carried out by organised and experienced cybercriminal groups. This assessment has shaped its response strategy, with a strong focus on vigilance and rapid containment.
Investigation and coordinated response
The Ungava Tulattavik Health Centre is working alongside multiple organisations to investigate the incident and manage potential impacts. These include Santé Québec’s Cyber Defence Operational Centre, the Sûreté du Québec, and the Nunavik Regional Board of Health and Social Services.
As part of its response, the centre established a dedicated crisis unit to oversee coordination, communication, and recovery efforts. Enhanced monitoring tools have been deployed to improve visibility into network activity and detect any future threats more quickly.
Local leaders and financial institutions in the Nunavik region have also been informed. The health centre said this step was taken to ensure broader awareness and to support preventive measures following the Nunavik Health Centre cyberattack.
Guidance for users and employees
While the investigation continues, the health centre has urged patients and staff to take precautionary steps to protect themselves. These include regularly reviewing bank statements, monitoring online transactions, and remaining alert to unexpected phone calls or emails that request personal information.
Users have been advised not to share passwords, social insurance numbers, or credit card details over the phone or through unsolicited messages, especially after the Nunavik Health Centre cyberattack. The centre emphasised that such vigilance is important following any data security incident, even when the full scope of exposure is still being assessed.
Leadership at the organisation said it understands the concern such incidents can cause, particularly in a healthcare setting where trust and confidentiality are central. The executive director stated that protecting patient and employee information remains a core commitment and that updates will be shared as more details become available.
The incident highlights the growing cybersecurity challenges faced by healthcare organisations, especially those operating in remote regions with complex service demands. As digital systems become more integrated into care delivery and administration, the sector continues to face heightened risk from cyber threats such as the Nunavik Health Centre cyberattack.
For now, the Ungava Tulattavik Health Centre said its focus remains on completing the investigation, supporting affected individuals, and strengthening defences to reduce the likelihood of similar incidents in the future.
Visit more of our news! CyberPro Magazine
