1. What happened?

On June 5 2022, CVOS learned of unauthorized access to our IT system. Upon discovering the incident, we retained cyber forensic experts to secure our IT environment and conduct a comprehensive investigation.

Our investigation has determined that data connected with CVOS has been taken, including the personal information of some current and former employees and patients.

We wish to assure you that the Electronic Health System was not impacted, and that we experienced no disruption to the delivery of healthcare or other services we provide. 

  1. How did the incident happen?

We are unable to confirm how the incident occurred, though we are investing in leading edge technologies to protect our systems and data from ever-growing cybersecurity threats. 

  1. How many people have been affected?

We are not able to share a specific number of people that have been affected. We are in the process of notifying those employees and patients whose personal information may have been impacted.

We wish to reiterate that the Electronic Health Record system was not impacted, and we remain committed to safeguarding the confidential and sensitive information in our records. As an organization we take cyber security very seriously and have numerous measures in place to protect our data. Thankfully, our team noticed unusual activity quickly and acted immediately.  

  1. If the Electronic Health Record was not impacted, how were patient files included in the breach?

The records impacted by this breach were used for operational and administrative purposes and are not stored in the electronic health record database.

  1. Are your healthcare services still impacted by this incident? Have your operations returned to normal?

We wish to assure you that we did not experience any disruption in the delivery of healthcare or other services we provide. We are investing in leading edge technologies to protect our systems and data from ever-growing cybersecurity threats. 

  1. I have been contacted by someone relating to this incident. What should I do?

If you are an employee, please speak to your supervisor. If you are a patient, please contact us at incident@cvomfs.com

  1. How could you let this happen?

This was a sophisticated attack, similar to countless incidents that are happening across North America. This matter is of the utmost importance to CVOS and has been treated as our highest priority. We regret any inconvenience this may have caused you.

  1. What type of information was accessed?

Information about the types of personal information that may have been accessed can be found by CLICKING HERE.

  1. Has the data been misused?

It is important to note that the Electronic Health Record system was not impacted, and we experienced no disruption to the delivery of healthcare or other services we provide. There is no evidence of further misuse of the data at this time.

  1. What can I do to find out if my own data was impacted?

CVOS has set up a dedicated channel to answer any questions you might have regarding this incident. Please contact us at incident@cvomfs.com.

  1. What is CVOS doing to prevent this from happening again?

Going forward, we are taking a number of additional measures to strengthen our systems. Working in collaboration with our internal IT team and external IT experts, we are continuing to invest in leading edge technologies to protect our systems and data from ever-growing cybersecurity threats.