FOR: CARDIOCOMM SOLUTIONS, INC.
TSX VENTURE SYMBOL: EKG
December 14, 2023
TORONTO, ONTARIO - CardioComm Solutions, Inc. (TSX VENTURE: EKG) ("CardioComm" or the "Company"),
a global medical provider of consumer heart monitoring and medical electrocardiogram ("ECG") software
solutions, confirms to its customers and stakeholders that following a recent cyber attack the Company has successfully restored its systems and resumed full-scale operations stronger than ever.
On July 25, 2023, the Company announced a cyber attack took place which disrupted CardioComm’s digital infrastructure and interrupted customer access to ECG reading and remote patient monitoring services. Promptly responding to the breach, the Company engaged cybersecurity experts, including KPMG-EGYDE, and initiated a comprehensive assessment and fortification of its systems to mitigate any potential vulnerabilities. The rigorous measures taken during the recovery phase included implementing state-of-the-art security protocols, conducting employee training sessions to reinforce cybersecurity awareness, and collaborating with industry experts to reinforce the Company's digital resilience. As a result of these efforts, CardioComm confirms the successful restoration of all affected systems and services with completed investigations showing no evidence of data access and / or data exfiltration from CardioComm’s IT environment. Post-attack investigations have found no evidence of threat actor activity or presence in CardioComm’s newly restored IT environment.
Given the cyber attack’s medium risk of harm classification, the Company proactively and duly submitted a report to the Office of Privacy Commissioner of Canada (PIPEDA) which was reviewed and successfully closed without further reviews. The Company has also engaged support for continued dark web search / monitoring as well as credit and identity monitoring for a two-year period by Transunion. Transunion is a major credit reporting, fraud, and analytics solutions provider across the finance, retail, telecommunications, utilities, government and insurance sectors.
A message from Etienne Grima, CEO of the Company states, “Customers can once again access the Company’s ECG reading services and remote patient monitoring platforms securely, ensuring the continued delivery of the exceptional service and reliability they have come to expect. Our topmost priority has always been the security and trust of our customers. We immediately mobilized our resources to contain and neutralize the cyber threat and our team has worked tirelessly to restore our systems to their optimal state.”
Moving forward, CardioComm remains steadfastly committed to maintaining the highest standards of cybersecurity to safeguard its operations and the interests of its stakeholders. In keeping with this commitment, the Company has completed ISO 27001 certification and entered into a service agreement with Oracle for Oracle Cloud Infrastructure (OCI) services that assure business continuity and transparent disaster recovery for its production infrastructure and development/test and corporate environments.
OCI provides CardioComm high-performance compute capabilities and storage capacity in a flexible overlay virtual network that is securely accessible from CardioComm’s on-premises network that will provide customers with high availability with no downtime. OCI also provides a number of security features such as data encryption by default at rest and in motion, and auto detection and remediation of security issues. Oracle manages more than 80 global, regional and industry-specific programs to provide third-party attestations like SOC, ISO, HIPAA, and FedRAMP, and advisories for standards like GxP, NIST, GDPR and FISC.
This is the first year that CardioComm has been certified under ISO 27001, an international standard that focuses on information security management, providing a framework for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) within an organization. Achieving ISO 27001 certification involved a thorough audit by an independent certification body to ensure compliance with the standard's requirements. Certification demonstrates CardioComm’s commitment to managing and protecting its information assets and to provide assurances to its customers and stakeholders in the health industry about the level of performance of CardioComm’s security practices.
To learn more about CardioComm's products and for further updates regarding HeartCheck™ ECG device integrations, please visit the Company's websites at
www.cardiocommsolutions.com and www.theheartcheck.com.
CardioComm Solutions' patented and proprietary technology is used in products for recording, viewing, analyzing and storing electrocardiograms for diagnosis and management of cardiac patients. Products are sold worldwide through a combination of an external distribution network and a North American-based sales team. CardioComm Solutions has earned the ISO 13485:2016 MDSAP certification, is HIPAA compliant and holds clearances from the European Union (CE Mark), the USA (FDA) and Canada (Health Canada).
INFORMATION PLEASE CONTACT:
Etienne Grima, Chief Executive Officer
1-877-977-9425 ex. 277
This release may contain certain forward-looking statements and forward looking information with respect to the financial condition, results of operations and business of CardioComm Solutions and certain of the plans and objectives of CardioComm Solutions with respect to these items. Such statements and information reflect management's current beliefs and are based on information currently available to management. By their nature, forward-looking statements and forward-looking information involve risk and uncertainty because they relate to events and depend on circumstances that will occur in the future and there are many factors that could cause actual results and developments to differ materially from those expressed or implied by these forward-looking statements and forward-looking information.
In evaluating these statements, readers should not place undue reliance on forward-looking statements and forward-looking information. The Company does not assume any obligation to update the forward-looking statements and forward-looking information contained in this release other than as required by applicable laws, including without limitation, Section 5.8(2) of National Instrument 51-102 (Continuous Disclosure Obligations).
Neither TSX Venture Exchange nor its Regulation Services Provider (as that term is defined in policies of the TSX Venture Exchange) accepts responsibility for the adequacy or accuracy of this release.