Our investigations indicate that patient SIN numbers were not part of the information accessed: the cyber-attack involved unauthorized access to our computer systems with customer information that could include name, address, email, login, passwords, date of birth, health card number gender, phone number, security questions, and lab test results.