Featured cases
Recent cases of note
Respondus exam proctoring software: Privacy concerns and recommendations
The Office of the Information and Privacy Commissioner of Ontario (the IPC) received a complaint about McMaster University’s (McMaster or the university) use of Respondus exam proctoring software under the Freedom of Information and Protection of Privacy Act (FIPPA or the Act).
Hospital cyberattack: IPC decision highlights breach response and security improvements
A public hospital notified the office of the Information and Privacy Commissioner of Ontario (the IPC) of a breach under the Personal Health Information Protection Act (the Act), as there had been a cyberattack against the hospital. After the hospital self-reported the breach, the IPC opened a file relating to this breach, and subsequently received four complaints from affected individuals.
Cyberattack of a prescribed person: IPC report highlights breach response and details the indirect notice method used to reach affected individuals
A prescribed person under the Personal Health Information Protection Act reported a breach to the IPC regarding a cyberattack that involved the unauthorized copying of approximately 3.4 million individuals’ personal health information from the prescribed person’s secure file transfer server. The threat actors gained unauthorized access to the server by exploiting a zero-day vulnerability in the file transfer software, MOVEit, that was installed on this server.