cbc news Canada reports that personal information of clients of a pregnancy care clinic in Ontario was leaked by hackers.
Windsor Midwives has reportedly contacted clients to inform them that one of their email accounts was compromised in April 2023, allowing hackers to gain unauthorized access to the following information:
- Customer Name
- date of birth
- mailing address
- email address
- telephone number
- Information about pregnancy
- Treatment/Diagnostic Information
- Prescription information
- Patient ID
- Health insurance information
Clearly, there is a lot of sensitive information that could be exploited by fraudsters.
The most basic attack may simply see a cybercriminal contact a victim via email or text message with a malicious link.
However, it is also possible for a determined fraudster to use the leaked information to trick more information from the victim and piece together more of an individual’s personal details, with the ultimate goal of conducting a more costly identity theft attack.
Equally concerning is the fact that the security breach occurred in April 2023, but the affected public did not find out about it until about nine months later. I’m sure I don’t need to tell anyone who has used midwifery services that a lot can happen in nine months…
cbc news It said it had contacted Ontario’s Information and Privacy Commissioner for more information and said in a statement that the breach was reported to it on Nov. 3, 2023, several months after the incident.
Indeed, in many cases, organizations may not realize that hackers have gained access to sensitive data for months on end. But if I were one of the midwives with clients in Windsor, I would be asking some tough questions about why it took so long to issue the warning, months after the privacy watchdog was notified.
Nancy Lefebvre is a worried victim who used midwifery services in 2020 and probably hadn’t paid much attention to the Ontario College of Midwives since then, until she suddenly received an email from them warning of the data. leakage:
“You go to a midwife for a higher level of intimacy, not to be part of a big company… and you think that’s not going to happen,” Lefebvre said. “It’s also concerning because there’s so much that could be done with this information during this time and it would have been nice to have known about it earlier.”
The Ontario College of Midwives said that upon learning of the incident, they “took immediate action to secure the email account and engaged third-party experts to assist with our investigation.”
Midwives Ontario has not shared any information about how many people may have been affected by the breach, but said it is not aware of any misuse of the leaked data.
Of course, it’s impossible for a breached organization like Midwives Ontario to definitively prove that there hasn’t been, or won’t be, any data misuse in the past nine months or so.
The practice advises patients to remain vigilant for “suspicious communications that may be related to this incident.”
The Ontario College of Midwives says on its website it is committed to protecting the privacy and confidentiality of individuals.
Links on the Midwives of Ontario website and official Facebook page direct customers to Outlook.com email addresses.
My hunch is that this is most likely an email address that was leaked by a hacker. I’d like to know if it’s protected with a strong, unique password and protected with 2-step verification?
