Dear Patients:
We write to advise that our clinic experienced a cybersecurity incident and a potential privacy breach.
On September 10, 2024, at approximately 8:00am, our info@bebeautifulmedical.ca account sent out scam (“phishing”) emails. The subject line read “VOIR LE DOCUMENT COMPLET”. The email appeared as though it was sent by one of our employees, but it varied in appearance and did not reflect the clinic’s usual branding. Upon learning of the breach, we immediately took measures to address the issue, we removed the vulnerability, and regained control of our email. The security issue was resolved in less than an hour. However, if you see this email in your inbox, please delete it immediately.
Extent of privacy breach: Based on our internal investigation, personal health information that would have been accessible included patients’ names and email addresses only. No other personal health information was accessible.
Who was affected: The email was only sent to email addresses that had previously sent an email to info@bebeautifulmedical.ca. We are unable to determine who received this email. Please also note, this did not affect your Jane account.
The fraudulent email: This email contained a link, that when clicked upon, asked recipients to enter an email and password. If you clicked on this link and entered your information, please immediately change your email password.
Steps we are taking to address this issue: Those who replied to the email have been contacted by the clinic. We are actively working on strengthening our IT security systems to ensure this does not happen again in the future.
We are very sorry for any inconvenience this may cause. We take this matter seriously, and we are taking this opportunity to review and revise our policies and practices to avoid any future occurrences. We are reporting this privacy breach to the Information and Privacy Commissioner of Ontario. Under the Personal Health Information Protection Act, you are also entitled to make a separate complaint to the IPCO at https://www.ipc.on.ca/privacy/filing-aprivacy-complaint.
Please let us know if you have any questions or concerns. You can contact me directly as the Privacy Officer at 613-935-3328.
Sincerely,
Dr. Christine Suess