Recent hacking attempt determined unsuccessful
ORBCoN is the subject of a recent hacking attempt by an unknown party. As a precaution, we had taken all involved applications offline and contracted a cyber security firm to investigate. We can now confirm that the hackers were unsuccessful in gaining access to our servers and user data.
All applications involved will move back online as soon as possible.
We sincerely apologize for any inconveniences caused by this incident.
Should I be concerned?
No, the hackers were unsuccessful in their attempts to gain access to our servers, and we will continue to enhance our cyber security to protect your personal information. Below are the types of personal information that we are responsible for:
- First name, last name, and email address
- Country, province
- Role, affiliate (hospital employer), and ward (where indicated)
See some best practices below:
Always keep an eye out for phishing campaigns
It is common for hackers to use personal information like names and email addresses to craft targeted phishing campaigns. Always verify that you know the sender of an email before opening and/or clicking on links. Follow your employer's guidelines on protecting yourself against phishing campaigns, and see some tips below from cyber.gc.ca:
Something may be phishy if:
- You don’t recognize the sender’s name, email address, or phone number
- You notice a lot of spelling and grammar errors
- The sender requests your personal or confidential information
- The sender makes an urgent request with a deadline
- The offer sounds too good to be true
Protect your information and infrastructure:
- Verify links before you click them
- Avoid sending sensitive information over email or texts
- Call the sender to verify legitimacy (e.g. if you receive a call from your bank, hang up and call them)
- Filter spam emails
What do I do if I get a phishing email?
- Do not respond
- Inform your supervisor
- Forward to your hospital's IT Security team
- Report the message as phishing through your webmail client
- Follow any other policies and procedures outlined by your employer
Keep your passwords updated regularly
Most hospitals will have guidelines on how frequently you should be updating your passwords. Updating your passwords at least every 90 days is a good rule of thumb.
Always make sure you:
- Use complex passwords
- Don't use the same passwords across different applications
- If possible, use a password manager
ORBCoN takes the responsibility of protecting the personal information of our users very seriously. We will work hard to ensure our web applications continue to be secure and reliable, and that your information is protected.