RE: Notification of a Cybersecurity Incident
In December 2021, KMH became aware of an incident in which some personal information was accessed from KMH corporate files by an unauthorized third party due to a ransomware attack.
Upon discovery of the incident, our external cybersecurity experts quickly contained the threat and began to conduct a comprehensive investigation.
What information was accessed?
The following information may have been accessed:
- Health card number
- Appointment date
- Appointment type
- Contact information including postal code, phone number, email address
KMH conducted an audit and established that the majority of patient information accessed was from the following years: 2013, 2014, 2017. There may be some patients up to and including 2021 that are impacted as well.
KMH does not keep SIN numbers or Credit Card information for any of its patients. Some former employee information that included SIN numbers was also accessed by the attackers.
At this time there is no evidence that the personal information listed above has been misused.
What has been done?
KMH has contacted the Information and Privacy Commissioner of Ontario about this matter as well as law enforcement. KMH has confidence in the security of our systems and feel we have done everything necessary at this time to continue operating safely. Going forward, we are actively monitoring our systems to help defend against future attacks of this nature and are working to enhance our cybersecurity and safeguards.
What can I do?
As an additional measure, we encourage you to be vigilant and report any suspicious activity to the appropriate authorities. Tips and resources for protecting your identity are available at https://www.priv.gc.ca/en/privacy-topics/identities/identity-theft/guide_idt/.
Questions or Inquiries:
If you have been a patient of KMH Cardiology, and you would like to inquire about your personal health information and how it might have been affected by this incident, please contact: email@example.com and provide your name and phone number.
You may also contact the Information and Privacy Commissioner of Ontario, 2 Bloor Street East, Suite 1400 Toronto, ON M4W 1A8, 1-800-387-0073 or firstname.lastname@example.org.