CVOS became aware in early June of an unauthorized access to our IT system. Our investigation has confirmed that a malicious cyber criminal may have accessed the personal information of some of our employees and patients.
It is important to note that the Electronic Medical Record system was not impacted, and we experienced no material disruption to the delivery of healthcare or other services we provide.
Upon discovering the incident, we retained cyber forensic experts to conduct a comprehensive investigation. Based on the investigation to date, CVOS can confirm that:
- If you were a patient at any CVOS location from January 2017 to April 2022, your name and the type of treatment you received may have been accessed.
- If you were a patient at any CVOS location from January 2012 to December 2016 your name and the type of treatment you received may have been accessed.
This matter is of the utmost concern to CVOS and is being treated as our highest priority. We apologize for the inconvenience this unfortunate incident may cause you.
Going forward, we are taking a number of additional measures to strengthen our systems. Working in collaboration with our internal IT team and external IT experts, we are continuing to invest in leading edge technologies to protect our systems and data from ever-growing cybersecurity threats.
CVOS has set up a dedicated email for this incident to answer any questions you might have. Please don’t hesitate to contact us at firstname.lastname@example.org with any questions you may have.
The Information and Privacy Commissioner of Ontario (IPC) has been notified of the breach. To file a complaint, please visit: https://www.ipc.on.ca/resources/forms/
Again, on behalf of CVOS, I want to emphasize that we are treating this matter with the utmost concern and apologize for any inconvenience this incident may have caused you.
Gavin Rouble, Managing Director
CVOS Oral Surgery