Notice to ClientsLast Updated: October 1, 2019
Updated Notice of Ransomware Incident:
This updated notice of ransomware incident follows our initial notice of May 1, 2019. Although we have no reason to believe that any client data has been accessed to date, we have taken action to address a ransomware incident that affected our computers on or around Sunday, April 21, 2019. After discovery of the incident, we launched an investigation, with the assistance of third party IT forensic investigators, to determine the nature and scope of the event and ensure the security of our systems. Ransomware is a type of computer virus (“malware”) that malicious attackers install on a computer system to prevent users from accessing the system unless a ransom is paid. We were unable to restore full access to the affected systems using back-up data. While we cannot rule out unauthorized access to the data on our systems, the investigation did not reveal any indications to suggest that the attacker actually accessed the data. Further, there was no conclusive evidence that data exfiltration (malicious removal of the data from the network) occurred. Additionally, we have received no reports of attempted or actual misuse of the data on our systems, which includes: client contact information, client financial information, client health information, and client employment information. Although we cannot determine precisely how the ransomware entered our system, we believe that it entered through a remote desktop computer program. Following the attack, we have upgraded our cybersecurity and data back-up programs to protect your information. This includes use of a secure remote desktop application that is designed to protect against ransomware attacks as well as protection software that includes browser surfing protection, email protection, and a secondary firewall. We have also instituted security and networking monitoring that adds a first response tracking and notification system of all network traffic. We now use internal encrypted backups on a daily basis and an encrypted cloud backup. Out of an abundance of caution, we are providing notice of the incident via our website, as well as to certain regulators. We take the security of information stored on our systems very seriously, and we understand this incident may cause concern or inconvenience. As a precautionary measure, we strongly suggest that you contact your bank, credit card company, and relevant government offices to advise them that you may have been affected by this breach. We recommend you monitor and verify all your bank accounts, credit card and other financial transaction statements for any suspicious activity. If you suspect misuse of your personal information, you can obtain a copy of your credit report from a credit reporting bureau to verify the legitimacy of the transactions listed.
If you are concerned that you may be a victim of fraud, you may request these bureaus place a fraud alert on your credit files instructing creditors to contact you before opening any new accounts. If your health card number has been affected by the breach, you should call eHealth Saskatchewan at 1-866-667-7551 or 306-787-3251 to report your lost or stolen health card number. You may also wish to review this publication from the Information and Privacy Commissioner of Ontario, Identity Theft: A Crime of Opportunity: https://www.ipc.on.ca/wp-content/uploads/Resources/id-theft-e.pdf If you have any questions about the incident, you can contact us by telephoning us at: 306-347-1999 Please note that we have moved business operations. Suzanne Funk is now providing physical therapy services at: Maternity and Wellness on Victoria, 606 Victoria Avenue, Regina, SK S4N 0R1. |