The College of the Nurses of Ontario (CNO) has recently announced that it has been dealing with a cyberattack that has forced the nurses’ regulatory body to shut down its services.
According to the latest CNO statement, the organization reacted immediately to contain the attack, engaging the services of leading cybersecurity experts to assist with the investigation and deploy mitigation steps.
However, it has been more than ten days since the CNO discovered the unauthorized access on its network, and the process of resuming normal operations has not shown any signs of success.
“While CNO works to resume normal operations, a number of services are temporarily unavailable, including the public register Find a Nurse, the nurse renewal portal Maintain Your Membership, and the portal for applicants,” the notification reads.
Moreover, a list of stolen CNO document files has surfaced on the dark web. The perps gave the college 12 days to respond to their demands and avoid the publication of stolen information.
“We are aware of a claim on the dark web regarding data theft from CNO,” CNO officials said in a statement. “While we are not able to confirm at this time, through a comprehensive forensic investigation, CNO is seeking to determine whether personal information was compromised as a result of the incident that may require notification to individuals. Although CNO was affected by ransomware, the organization is implementing a range of approaches to resume operations safely and securely, including restoring from backups.”
Despite its reassurances, the organization overseeing more than 185,000 nurses failed to comment on whether the personal information of nurse members has been stolen. However, as a precaution, the NCO will provide free credit monitoring and identity theft protection services to its 280 staff members.