Notice to all CAPR credentialling applicants, exam candidates and other CAPR stakeholders

This notice is to advise you that the CAPR Information Technology (IT) systems were hacked or illegally accessed on or about September 7th through a ransomware cyber-attack.  We have been able to recover from this attack with minimal disruption to our services.  Operations and customer service are currently at normal levels.

The CAPR has notified the police, the Canadian Anti-Fraud Centre, the Canadian Cyber-Incident Response Centre (CCIRC) as well as both the provincial and federal Privacy Commissioners about the attack, shared openly all information regarding the cyber-incident and sought advice regarding next steps.  Additionally, CAPR completed a comprehensive internal investigation.

The CAPR does collect and store some applicant personal information (such as names and addresses) in our files, but does not store the financial information or credit card numbers of any of its applicants, nor any personal health information in its electronic files.  We have no reason to believe that any information from our files was accessed as a result of this incident. The CAPR also confirms that the integrity of the physiotherapy competency exam was not compromised.

Since becoming aware of the attack, CAPR has taken steps to further increase the security and level of encryption of all CAPR files and backups.  The CAPR also trains all staff on cyber-security and privacy.  We take our responsibility to protect all your personal and personal-health information very seriously and continuously work to improve all security processes in this regard.

Again, we would like to reiterate that we have no reason to believe that any personal information was breached, but we do want you to be aware of this incident.

Should you have any questions regarding this matter, please contact our offices at email@alliancept.org.