Toronto Public Library cyberattack: A wake-up call for stronger security … Case of Note: File MR23-00112 Background In November 2023, the Toronto Public Library (TPL) reported a cybersecurity breach to the Office of the Information and Privacy Commissioner of Ontario (IPC). The breach, which …
Innomar Strategies Cyberattack: Review of Security Practices and Recommendations … A cybersecurity attack on Innomar Strategies’ systems resulted in the exfiltration of a significant number of individuals’ personal health information. The threat actor(s) gained access to an affiliate through a …
Ensuring secure disposal of health records: Out of sight is not out of mind! … Case of Note: PHIPA Decision 266 Background A complaint was brought to the Information and Privacy Commissioner of Ontario (IPC) alleging that a health clinic had failed to securely dispose of records of personal health …
Toronto District School Board cyberattack: Recommendations for improved security … A social engineering attack at a TDSB high school led to the unauthorized access of personal information belonging to current and former students, parents and staff across several schools. The threat actor gained …
Toronto Public Library Cyberattack: Importance of reasonable security measures and notifying affected individuals under MFIPPA … A cyberattack on the Toronto Public Library exposed vulnerabilities in its systems that contained a significant number of individuals’ personal information. Read the …
Preventing health privacy breaches: Why training, policies, and confidentiality agreements matter … Case of Note: PHIPA Decision 260 Background A public hospital was alerted to suspicious activity on a patient chart, and initiated an investigation, which included a targeted audit. The audit …
Commissioner’s letter to the Ministry of Health about proposed regulatory amendments under the Personal Health Information Protection Act … In her letter, Commissioner Kosseim recommends that the m inistry reconsider its proposal to better facilitate Ontarians’ easy and meaningful access to their …
Reported Breach HR23-00282 … A prescribed person under the Personal Health Information Protection Act reported a breach to the IPC regarding a cyberattack that involved the unauthorized copying of approximately 3.4 million individuals’ personal health information from the prescribed person’s secure …
Fact Sheet: Guidelines for Parties Whose Commercial or Business Information is at Issue in an Appeal … Formerly Practice Direction #4. Repealed as of September 9, 2024. … Fact Sheet: Guidelines for Parties Whose Commercial or Business Information is at Issue in an …
Fact Sheet: Guidelines for Individuals Whose Personal Information is at Issue in an Appeal … Formerly Practice Direction #3. Repealed as of September 9, 2024. … Fact Sheet: Guidelines for Individuals Whose Personal Information is at Issue in an …
Ransomware reality: Case study in health care cybersecurity and recovery … Unfortunately, ransomware attacks are not an uncommon occurrence, especially in this era of rapidly advancing technologies. Bad actors use ransomware attacks to extract money and cause harm to others. As these types of …
IPC response to Leader of the Official Opposition Marit Stiles’ request for investigation into government record-keeping practices outlined in Greenbelt report … IPC response to Leader of the Official Opposition Marit Stiles’ request for investigation into government record-keeping practices …
Cyberattack response: Duty to notify individuals under PHIPA and CYFSA … Background The following decisions involved different cyberattacks against four different organizations. Three involved health information custodians (HICs) subject to the Personal Health Information Protection Act (PHIPA), …
Ransomware reality: Case study in health care cybersecurity and recovery … Case of Note: PHIPA Decision 249 Introduction Unfortunately, ransomware attacks are not an uncommon occurrence, especially in this era of rapidly advancing technologies. Bad actors use ransomware attacks to extract money and …
IPC letter on record-keeping concerns raised in Greenbelt report … IPC response to Leader of the Official Opposition Marit Stiles’ concerns about government record keeping practices outlined in Greenbelt report … IPC letter on record-keeping concerns raised in Greenbelt …
How to Protect Against Ransomware … This fact sheet from the IPC discusses how ransomware has become an increasingly dangerous threat to the security of electronic records and provides guidance on how public institutions and healthcare organizations can protect themselves against it. … How to …