C-OPN Web App Data Breach
- On April 5, 2022
Recently, the Canadian Open Parkinson Network (C-OPN) experienced an unauthorized data breach on March 23, 2022, accessing C-OPN registration data held by the University of Calgary. This registration database held information such as name, phone number, email address, home address, date of birth, place of birth and self-disclosed diagnosis from some, though not all, C-OPN participants.
C-OPN has sent out a notification with pertinent information to all individuals impacted and have advised them to have their personal data protected. The University of Calgary will cover the costs for affected individuals to get these services through Equifax for a period of two years.
Since the incident, we have been working closely with the University of Calgary’s Security Office and Research Ethics Board. We have suspended the use of this registration database, and no further contact information is at risk of breach at this time.
C-OPN has already begun the following steps to improve security measures:
- Suspended the use of the registration database where the breach occurred until a comprehensive review is complete.
- Ensured that the larger C-OPN datasets and biobanks have not been compromised and remain completely secure. (This would be all the information gathered via questionnaires and study visits.)
- Implementing a new registration system that provides the highest level of security possible. This secure database system is also used to house our other datasets.
- Implementing monthly vulnerability checks of all our databases.
- Implementing policy for the regular emptying of information from the database once it is no longer required to have stored.
It’s important to understand that the data breach has not affected the larger C-OPN database (REDCap, LORIS), where data from all questionnaires and testing is stored.
We take this data breach seriously and are working to ensure a quick resolution and an assurance that this will not happen in the future. If you have additional questions specific to this breach, please contact:
Marisa Cressatti, PhD
Interim National Manager, C-OPN