MastodonTech.de

Dissent Doe :cupofcoffee:With great thanks to <a href="https://infosec.exchange/@masek" class="u-url mention" rel="nofollow noopener" target="_blank">@masek</a> and <a href="https://infosec.exchange/@JayeLTee" class="u-url mention" rel="nofollow noopener" target="_blank">@JayeLTee</a> and others who assisted or tried to, including Rogers ISP and law enforcement in Canada, we can finally say:Bolton Walk-In Clinic patient data leak locked down! Read about this very frustrating effort to get exposed patient data locked down:<a href="https://databreaches.net/2025/06/30/bolton-walk-in-clinic-patient-data-leak-locked-down-finally/" rel="nofollow noopener" translate="no" target="_blank">https://databreaches.net/2025/06/30/bolton-walk-in-clinic-patient-data-leak-locked-down-finally/</a><a href="https://infosec.exchange/tags/healthsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#healthsec</a> <a href="https://infosec.exchange/tags/PHIPA" class="mention hashtag" rel="nofollow noopener" target="_blank">#PHIPA</a> <a href="https://infosec.exchange/tags/HIPA" class="mention hashtag" rel="nofollow noopener" target="_blank">#HIPA</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/incidentresponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#incidentresponse</a> <a href="https://infosec.exchange/tags/dataleak" class="mention hashtag" rel="nofollow noopener" target="_blank">#dataleak</a>

Dissent Doe :cupofcoffee:<a href="https://infosec.exchange/@masek" class="u-url mention" rel="nofollow noopener" target="_blank">@masek</a> <a href="https://infosec.exchange/@JayeLTee" class="u-url mention" rel="nofollow noopener" target="_blank">@JayeLTee</a> For the life of me, I cannot understand why this got kicked over to the anti-rackets branch, but thank you for what you managed to accomplish. I will post an update to this leak on my blog sometime this week, but in the interim:Any patients of the Bolton Walk-In Clinic should consider filing a complaint with the provincial Privacy Commission and requesting an investigation into the clinic's failure to comply with medical privacy laws such as PHIPA. IMO, the IPC should also be asked to require the clinic to notify every patient whose unencrypted information was exposed. Additional details about earlier efforts by <a href="https://infosec.exchange/@JayeLTee" class="u-url mention" rel="nofollow noopener" target="_blank">@JayeLTee</a> and I to get this leak secured can be found in my post at <a href="https://databreaches.net/2024/12/03/bolton-walk-in-clinic-in-ontario-lock-down-your-backup-already/" rel="nofollow noopener" translate="no" target="_blank">https://databreaches.net/2024/12/03/bolton-walk-in-clinic-in-ontario-lock-down-your-backup-already/</a><a href="https://infosec.exchange/tags/dataleak" class="mention hashtag" rel="nofollow noopener" target="_blank">#dataleak</a> <a href="https://infosec.exchange/tags/incidentresponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#incidentresponse</a> <a href="https://infosec.exchange/tags/PHIPA" class="mention hashtag" rel="nofollow noopener" target="_blank">#PHIPA</a> <a href="https://infosec.exchange/tags/Ontario" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ontario</a> <a href="https://infosec.exchange/tags/healthsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#healthsec</a>

Dissent Doe :cupofcoffee:The Information and Privacy Commissioner of Ontario has completed a review into Daixin Team's massive cyberattack on five regional hospitals in 2023 and found hospital officials acted “adequately.”Perhaps the most notable aspect of the report (from my perspective) was that the IPC said the hospitals were obligated to notify patients whose data had been encrypted (and not just those whose data had been exfiltrated). They saw no point in requiring that now, but wanted it noted that it should have happened.So that seems to be making PHIPA's interpretation clearer for future victims of encryption incidents. The full report makes an interesting read. PHIPA Decision 284: <a href="https://decisions.ipc.on.ca/ipc-cipvp/phipa/en/item/521986/index.do" rel="nofollow noopener" translate="no" target="_blank">https://decisions.ipc.on.ca/ipc-cipvp/phipa/en/item/521986/index.do</a><a href="https://infosec.exchange/tags/PHIPA" class="mention hashtag" rel="nofollow noopener" target="_blank">#PHIPA</a> <a href="https://infosec.exchange/tags/notification" class="mention hashtag" rel="nofollow noopener" target="_blank">#notification</a> <a href="https://infosec.exchange/tags/incidentmanagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#incidentmanagement</a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#databreach</a> <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#ransomware</a>

Dissent Doe :cupofcoffee:Unbelievable. Or maybe too believable...I previously posted about Bolton Walk-in Clinic in Ontario not locking down their patient data despite multiple responsible disclosure alerts (<a href="https://infosec.exchange/@PogoWasRight/113589181607493357" translate="no" rel="nofollow noopener" target="_blank">https://infosec.exchange/@PogoWasRight/113589181607493357</a>). Then I reported that Canada's cybersecurity agency contacted me and offered to help (<a href="https://infosec.exchange/@PogoWasRight/113589757905504474" translate="no" rel="nofollow noopener" target="_blank">https://infosec.exchange/@PogoWasRight/113589757905504474</a>).Well, they tried... but got no results either. Bolton Walk-In Clinic is still exposing patient data and didn't even do anything when contacted by Canadian federal police. If any Canadian news outlet would like to report on this, get in touch. <a href="https://infosec.exchange/@JayeLTee" class="u-url mention" rel="nofollow noopener" target="_blank">@JayeLTee</a> and I will share the information with you (yes, I just volunteered him too). 😂 Or if anyone is in the vicinity of their clinic, maybe stand outside with a sign that says, "Bolton Walk-In Clinic is leaking patient data and ignoring alerts!" That might get some attention... Bonus points if you get someone in a Santa outfit to stand outside their clinic with a sign that says "Bolton Walk-In Clinic is naughty -- they are leaking patient data." <a href="https://infosec.exchange/tags/dataleak" class="mention hashtag" rel="nofollow noopener" target="_blank">#dataleak</a> <a href="https://infosec.exchange/tags/negligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#negligence</a> <a href="https://infosec.exchange/tags/healthsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#healthsec</a> <a href="https://infosec.exchange/tags/PHIPA" class="mention hashtag" rel="nofollow noopener" target="_blank">#PHIPA</a> <a href="https://infosec.exchange/tags/HIPA" class="mention hashtag" rel="nofollow noopener" target="_blank">#HIPA</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#databreach</a> <a href="https://infosec.exchange/tags/accountability" class="mention hashtag" rel="nofollow noopener" target="_blank">#accountability</a>

Dissent Doe :cupofcoffee:<a href="https://infosec.exchange/@hal8999" class="u-url mention" rel="nofollow noopener" target="_blank">@hal8999</a> <a href="https://infosec.exchange/@brett" class="u-url mention" rel="nofollow noopener" target="_blank">@brett</a> As the article notes, an offense under <a href="https://infosec.exchange/tags/PHIPA" class="mention hashtag" rel="nofollow noopener" target="_blank">#PHIPA</a> can potentially result in imprisonment.

Dissent Doe :cupofcoffee:A patient at Woodstock Hospital in Ontario wants to know why the hospital never referred an insider-wrongdoing breach to the police. It's a fair question considering that the improper access affected 56 patients and took place between January and May. <a href="https://www.woodstocksentinelreview.com/news/local-news/patient-frustrated-by-woodstock-hospital-privacy-breach" rel="nofollow noopener" translate="no" target="_blank">https://www.woodstocksentinelreview.com/news/local-news/patient-frustrated-by-woodstock-hospital-privacy-breach</a><a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#databreach</a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> <a href="https://infosec.exchange/tags/PHIPA" class="mention hashtag" rel="nofollow noopener" target="_blank">#PHIPA</a> <a href="https://infosec.exchange/tags/OIP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OIP</a> <a href="https://infosec.exchange/@brett" class="u-url mention" rel="nofollow noopener" target="_blank">@brett</a>

Dissent Doe :cupofcoffee:Updating: It looks like Akira removed their listing for Michael Garron Hospital in Toronto, but why they removed it and whether it will remain removed remains unknown:<a href="https://www.databreaches.net/michael-garron-hospital-confirms-some-employee-and-clinician-data-stolen-in-cyberattack-akira-claims-it-stole-882000-files/" rel="nofollow noopener" translate="no" target="_blank">https://www.databreaches.net/michael-garron-hospital-confirms-some-employee-and-clinician-data-stolen-in-cyberattack-akira-claims-it-stole-882000-files/</a><a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#databreach</a> <a href="https://infosec.exchange/tags/healthsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#healthsec</a> <a href="https://infosec.exchange/tags/PHIPA" class="mention hashtag" rel="nofollow noopener" target="_blank">#PHIPA</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/incidentresponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#incidentresponse</a><a href="https://infosec.exchange/@brett" class="u-url mention" rel="nofollow noopener" target="_blank">@brett</a> <a href="https://press.coop/@CBCNews" class="u-url mention" rel="nofollow noopener" target="_blank">@CBCNews</a>

Dissent Doe :cupofcoffee:Daixin contacted me last night that they wouldn't be dumping databases from Transform as quickly as they are busy working on something else. But then this morning I woke up to find a message that for now, they released 300 records from a database for now that they describe as "interesting." The data are sensitive and confidential info of named patients with their demographic info as well as health-related and account-related info. Many of these entries go back to service dates years ago, but they also included some current records. The records include dozens of fields including what service treated the patient (e.g., surgery, psychiatry) and when patients did not want any info given out about them to family or anyone. That ship has now sailed for them.<a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#databreach</a> <a href="https://infosec.exchange/tags/PHIPA" class="mention hashtag" rel="nofollow noopener" target="_blank">#PHIPA</a> <a href="https://infosec.exchange/tags/HealthSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#HealthSec</a> <a href="https://infosec.exchange/tags/TransForm" class="mention hashtag" rel="nofollow noopener" target="_blank">#TransForm</a> <a href="https://infosec.exchange/tags/Sarnia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sarnia</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/@brett" class="u-url mention" rel="nofollow noopener" target="_blank">@brett</a> <a href="https://infosec.exchange/@BleepingComputer" class="u-url mention" rel="nofollow noopener" target="_blank">@BleepingComputer</a>

Dissent Doe :cupofcoffee:Update: Sensitive patient data leaked from <a href="https://infosec.exchange/tags/TransForm" class="mention hashtag" rel="nofollow noopener" target="_blank">#TransForm</a> ransomware incident that affects <a href="https://infosec.exchange/tags/BluewaterHealth" class="mention hashtag" rel="nofollow noopener" target="_blank">#BluewaterHealth</a> and other Ontario healthcare entities:<a href="https://www.databreaches.net/update-sensitive-patient-data-leaked-from-transform-ransomware-incident/" rel="nofollow noopener" translate="no" target="_blank">https://www.databreaches.net/update-sensitive-patient-data-leaked-from-transform-ransomware-incident/</a><a href="https://infosec.exchange/tags/HealthSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#HealthSec</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/vendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#vendor</a> <a href="https://infosec.exchange/tags/PHIPA" class="mention hashtag" rel="nofollow noopener" target="_blank">#PHIPA</a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#databreach</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a><a href="https://mastodon.social/@campuscodi" class="u-url mention" rel="nofollow noopener" target="_blank">@campuscodi</a> <a href="https://infosec.exchange/@BleepingComputer" class="u-url mention" rel="nofollow noopener" target="_blank">@BleepingComputer</a> <a href="https://c.im/@BBC" class="u-url mention" rel="nofollow noopener" target="_blank">@BBC</a> <a href="https://press.coop/@CBCNews" class="u-url mention" rel="nofollow noopener" target="_blank">@CBCNews</a> <a href="https://infosec.exchange/@vxunderground" class="u-url mention" rel="nofollow noopener" target="_blank">@vxunderground</a>

Frühere Suchanfragen

Suchoptionen

Verwaltet von:

Serverstatistik:

#phipa