#phipa — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #phipa, aggregated by home.social.

  1. With great thanks to @masek and @JayeLTee and others who assisted or tried to, including Rogers ISP and law enforcement in Canada, we can finally say:

    Bolton Walk-In Clinic patient data leak locked down!

    Read about this very frustrating effort to get exposed patient data locked down:

    databreaches.net/2025/06/30/bo

    #healthsec #PHIPA #HIPA #cybersecurity #infosec #incidentresponse #dataleak

  2. The Information and Privacy Commissioner of Ontario has completed a review into Daixin Team's massive cyberattack on five regional hospitals in 2023 and found hospital officials acted “adequately.”

    Perhaps the most notable aspect of the report (from my perspective) was that the IPC said the hospitals were obligated to notify patients whose data had been encrypted (and not just those whose data had been exfiltrated). They saw no point in requiring that now, but wanted it noted that it should have happened.

    So that seems to be making PHIPA's interpretation clearer for future victims of encryption incidents.

    The full report makes an interesting read.

    PHIPA Decision 284:
    decisions.ipc.on.ca/ipc-cipvp/

    #PHIPA #notification #incidentmanagement #databreach #ransomware

  3. Unbelievable. Or maybe too believable...

    I previously posted about Bolton Walk-in Clinic in Ontario not locking down their patient data despite multiple responsible disclosure alerts (infosec.exchange/@PogoWasRight). Then I reported that Canada's cybersecurity agency contacted me and offered to help (infosec.exchange/@PogoWasRight).

    Well, they tried... but got no results either. Bolton Walk-In Clinic is still exposing patient data and didn't even do anything when contacted by Canadian federal police.

    If any Canadian news outlet would like to report on this, get in touch. @JayeLTee and I will share the information with you (yes, I just volunteered him too). 😂

    Or if anyone is in the vicinity of their clinic, maybe stand outside with a sign that says, "Bolton Walk-In Clinic is leaking patient data and ignoring alerts!" That might get some attention...

    Bonus points if you get someone in a Santa outfit to stand outside their clinic with a sign that says "Bolton Walk-In Clinic is naughty -- they are leaking patient data."

    #dataleak #negligence #healthsec #PHIPA #HIPA #cybersecurity #databreach #accountability

  4. A patient at Woodstock Hospital in Ontario wants to know why the hospital never referred an insider-wrongdoing breach to the police. It's a fair question considering that the improper access affected 56 patients and took place between January and May.

    woodstocksentinelreview.com/ne

    #databreach #privacy #PHIPA #OIP

    @brett