TORONTO, ONTARIO – CardioComm Solutions, Inc. (TSX VENTURE: EKG) (“CardioComm” or the “Company”), a global medical provider of consumer heart monitoring and medical electrocardiogram (“ECG”) software solutions, confirms to its customers and stakeholders that following a recent cyber attack the Company has successfully restored its systems and resumed full-scale operations stronger than ever.
On July 25, 2023, the Company announced that a cyber attack had taken place, which disrupted CardioComm’s digital infrastructure and interrupted customer access to ECG reading and remote patient monitoring services. Promptly responding to the breach, the Company engaged cybersecurity experts, including KPMG-EGYDE, and initiated a comprehensive assessment and fortification of its systems to mitigate any potential vulnerabilities. The rigorous measures taken during the recovery phase included implementing state-of-the-art security protocols, conducting employee training sessions to reinforce cybersecurity awareness, and collaborating with industry experts to reinforce the Company’s digital resilience. As a result of these efforts, CardioComm confirms the successful restoration of all affected systems and services, with completed investigations showing no evidence of data access and/or data exfiltration from CardioComm’s IT environment. Post-attack investigations have found no evidence of threat actor activity or presence in CardioComm’s newly restored IT environment.
Given the cyber attack’s medium risk of harm classification, the Company proactively and duly submitted a report to the Office of the Privacy Commissioner of Canada (PIPEDA), which was reviewed and successfully closed without further reviews. The Company has also engaged support for continued dark web search/monitoring as well as credit and identity monitoring for a two-year period by TransUnion. TransUnion is a major credit reporting, fraud, and analytics solutions provider across the finance, retail, telecommunications, utilities, government and insurance sectors.
A message from Etienne Grima, CEO of the Company, states, “Customers can once again access the Company’s ECG reading services and remote patient monitoring platforms securely, ensuring the continued delivery of the exceptional service and reliability they have come to expect. Our topmost priority has always been the security and trust of our customers. We immediately mobilized our resources to contain and neutralize the cyber threat and our team has worked tirelessly to restore our systems to their optimal state.”
Moving forward, CardioComm remains steadfastly committed to maintaining the highest standards of cybersecurity to safeguard its operations and the interests of its stakeholders. In keeping with this commitment, the Company has completed ISO 27001 certification and entered into a service agreement with Oracle for Oracle Cloud Infrastructure (OCI) services that assure business continuity and transparent disaster recovery for its production infrastructure and development/test and corporate environments.
OCI provides CardioComm with high-performance compute capabilities and storage capacity in a flexible overlay virtual network that is securely accessible from CardioComm’s on-premises network and that will provide customers with high availability with no downtime. OCI also provides a number of security features, such as data encryption by default at rest and in motion, and auto detection and remediation of security issues. Oracle manages more than 80 global, regional and industry-specific programs to provide third-party attestations like SOC, ISO, HIPAA, and FedRAMP, and advisories for standards like GxP, NIST, GDPR and FISC.
This is the first year that CardioComm has been certified under ISO 27001, an international standard that focuses on information security management, providing a framework for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) within an organization. Achieving ISO 27001 certification involved a thorough audit by an independent certification body to ensure compliance with the standard’s requirements. Certification demonstrates CardioComm’s commitment to managing and protecting its information assets and to providing assurances to its customers and stakeholders in the health industry about the level of performance of CardioComm’s security practices.