Recent Cybersecurity Incident

In mid-March, we identified a cybersecurity incident in which an external party gained access to an application in our IT systems. We discovered the incident after an alarm was triggered. We immediately undertook countermeasures to prevent any further unauthorized access or activity and decommissioned the impacted application. We retained third-party cybersecurity experts to assist with containment and remediation, and to conduct a forensic investigation to determine the cause and extent of this incident. Following their investigation, no evidence was found that files contained within the application had been accessed or extracted. Since this incident, 2 other attempts to breach our IT infrastructure have been made. These attempts were unsuccessful because of our existing security measures.  

The organization has measures in place to guard against unauthorized or unlawful access to the confidential and personal information that we hold — none of which includes personal health information. We use physical, electronic, and administrative security controls to protect this information, including encryption, firewalls, authentication processes, access controls, secure office premises, and regular reviews of policies and procedures to keep pace with best practices. Before this incident, we had recently completed a National Institute of Standards and Technology (NIST) Assessment to assess any vulnerabilities in our IT systems — this report’s recommendations are in the process of being implemented and will continue to be a top priority in the coming year.