Search

Displaying 1 - 20 of 76

Toronto Public Library cyberattack: A wake-up call for stronger security

Toronto Public Library cyberattack: A wake-up call for stronger security … Case of Note: File MR23-00112 Background In November 2023, the Toronto Public Library (TPL) reported a cybersecurity breach to the Office of the Information and Privacy Commissioner of Ontario (IPC). The breach, which …

Resource

- Published on March 14, 2025

Innomar Strategies Cyberattack: Review of Security Practices and Recommendations

Innomar Strategies Cyberattack: Review of Security Practices and Recommendations … A cybersecurity attack on Innomar Strategies’ systems resulted in the exfiltration of a significant number of individuals’ personal health information. The threat actor(s) gained access to an affiliate through a …

Resource

- Published on March 6, 2025

Ensuring secure disposal of health records: Out of sight is not out of mind!

Ensuring secure disposal of health records: Out of sight is not out of mind! … Case of Note: PHIPA Decision 266 Background A complaint was brought to the Information and Privacy Commissioner of Ontario (IPC) alleging that a health clinic had failed to securely dispose of records of personal health …

Resource

- Published on February 10, 2025

Toronto District School Board cyberattack: Recommendations for improved security

Toronto District School Board cyberattack: Recommendations for improved security … A social engineering attack at a TDSB high school led to the unauthorized access of personal information belonging to current and former students, parents and staff across several schools. The threat actor gained …

Resource

- Published on January 6, 2025

Toronto Public Library Cyberattack: Importance of reasonable security measures and notifying affected individuals under MFIPPA

Toronto Public Library Cyberattack: Importance of reasonable security measures and notifying affected individuals under MFIPPA … A cyberattack on the Toronto Public Library exposed vulnerabilities in its systems that contained a significant number of individuals’ personal information. Read the …

Resource

- Published on December 19, 2024

Preventing health privacy breaches: Why training, policies, and confidentiality agreements matter

Preventing health privacy breaches: Why training, policies, and confidentiality agreements matter … Case of Note: PHIPA Decision 260 Background A public hospital was alerted to suspicious activity on a patient chart, and initiated an investigation, which included a targeted audit. The audit …

Resource

- Published on November 18, 2024

Commissioner’s letter to the Ministry of Health about proposed regulatory amendments under the Personal Health Information Protection Act

Commissioner’s letter to the Ministry of Health about proposed regulatory amendments under the Personal Health Information Protection Act … In her letter, Commissioner Kosseim recommends that the m inistry reconsider its proposal to better facilitate Ontarians’ easy and meaningful access to their …

Resource

- Published on September 9, 2024

Reported Breach HR23-00282

Reported Breach HR23-00282 … A prescribed person under the Personal Health Information Protection Act reported a breach to the IPC regarding a cyberattack that involved the unauthorized copying of approximately 3.4 million individuals’ personal health information from the prescribed person’s secure …

Resource

- Published on August 14, 2024

Fact Sheet: Guidelines for Parties Whose Commercial or Business Information is at Issue in an Appeal

Fact Sheet: Guidelines for Parties Whose Commercial or Business Information is at Issue in an Appeal … Formerly Practice Direction #4. Repealed as of September 9, 2024. … Fact Sheet: Guidelines for Parties Whose Commercial or Business Information is at Issue in an …

Resource

- Published on August 9, 2024

Fact Sheet: Guidelines for Individuals Whose Personal Information is at Issue in an Appeal

Fact Sheet: Guidelines for Individuals Whose Personal Information is at Issue in an Appeal … Formerly Practice Direction #3. Repealed as of September 9, 2024. … Fact Sheet: Guidelines for Individuals Whose Personal Information is at Issue in an …

Resource

- Published on August 9, 2024

Ransomware reality: Case study in health care cybersecurity and recovery

Ransomware reality: Case study in health care cybersecurity and recovery … Unfortunately, ransomware attacks are not an uncommon occurrence, especially in this era of rapidly advancing technologies. Bad actors use ransomware attacks to extract money and cause harm to others. As these types of …

Resource

- Published on July 18, 2024

PR21-00041 - COVaxON Breach Final Report

PR21-00041 - COVaxON Breach Final Report … PR21-00041 - COVaxON Breach Final Report …

Resource

- Published on June 14, 2024

IPC response to Leader of the Official Opposition Marit Stiles’ request for investigation into government record-keeping practices outlined in Greenbelt report

IPC response to Leader of the Official Opposition Marit Stiles’ request for investigation into government record-keeping practices outlined in Greenbelt report … IPC response to Leader of the Official Opposition Marit Stiles’ request for investigation into government record-keeping practices …

Resource

- Published on May 24, 2024

Cyberattack response: Duty to notify individuals under PHIPA and CYFSA

Cyberattack response: Duty to notify individuals under PHIPA and CYFSA … Background The following decisions involved different cyberattacks against four different organizations. Three involved health information custodians (HICs) subject to the Personal Health Information Protection Act (PHIPA), …

Basic page

- Published on August 2, 2024

Ransomware reality: Case study in health care cybersecurity and recovery

Ransomware reality: Case study in health care cybersecurity and recovery … Case of Note: PHIPA Decision 249 Introduction Unfortunately, ransomware attacks are not an uncommon occurrence, especially in this era of rapidly advancing technologies. Bad actors use ransomware attacks to extract money and …

Basic page

- Published on July 18, 2024

IPC letter on record-keeping concerns raised in Greenbelt report

IPC letter on record-keeping concerns raised in Greenbelt report … IPC response to Leader of the Official Opposition Marit Stiles’ concerns about government record keeping practices outlined in Greenbelt report … IPC letter on record-keeping concerns raised in Greenbelt …

Resource

- Published on August 29, 2023

How to Protect Against Ransomware

How to Protect Against Ransomware … This fact sheet from the IPC discusses how ransomware has become an increasingly dangerous threat to the security of electronic records and provides guidance on how public institutions and healthcare organizations can protect themselves against it. … How to …

Resource

- Published on October 13, 2022

Public interest disclosure

Public interest disclosure … Public interest disclosure …

Resource

- Published on September 29, 2021

Working from home during the COVID-19 pandemic

Working from home during the COVID-19 pandemic … Working from home during the COVID-19 pandemic …

Resource

- Published on July 23, 2020

Police record checks

Police record checks … Police record checks …

Resource

- Published on August 12, 2019