Data Security Incident Update

Frequently Asked Questions

Dear patient:

We are writing to inform you about a recent incident resulting in unauthorized access to some of the personal health information you provided to the Tilbury District Family Health Team (“TDFHT”).

While we have no evidence that your information has been misused, we are notifying you of the incident and providing information about available resources to help protect your information.

If a dependent of yours has received treatment from the TDFHT since 2015, they have received a direct notification as well.

What happened?

  • TDFHT’s network and operational data reside on servers maintained by TransForm Shared Services Organization (“TransForm”), our third-party information technology and procurement partner.
  • On October 23, 2023, we learned that TransForm, as well as local hospitals Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare and Windsor Regional Hospital, were experiencing a cyber incident. We later learned that this incident was a ransomware attack involving the theft of some data from servers maintained by TransForm.
  • We immediately took action, requesting details regarding any TDFHT data that was affected.
  • We have confirmed that TDFHT’s electronic medical record was not accessed or taken.
  • Unfortunately, we have determined that data stored by TDFHT on a shared drive was stolen. This drive contained various database reports extracted from the TDFHT EMR to support routine operations. All reports were saved within a secure environment. Many used additional encryption as an extra precaution, though some were unencrypted.
  • TransForm has confirmed that they are working with cybersecurity experts who are helping to safely restore IT services, investigate what happened and provide guidance on further strengthening our IT systems.
  • TransForm has reported that it has reported the incident to Canadian, U.S. and international law enforcement.

How does this affect you?

We have reviewed the stolen data, and we have determined that it likely pertains to all patients of TDFHT from 2015 to date. It may have included the following:

  • Reports pertaining to medical status or chronic disease programing, including the following conditions or statuses: chronic obstructive pulmonary disease (COPD), congestive heart failure (CHF), diabetes, cancer status, lung & health status and smoking status;
  • Patient medication summaries, including those pertaining to recalls, reconciliation lists and opioids; and
  • Immunization and therapy status summaries, including those related to COVID-19, influenza, B12 and Shingrix.

The extent of the information affected may have included: patient first name, patient last name, date of birth, address and health card number. Health card was only affected for a limited number of individuals.

The data does not include your social insurance number or any credit card, financial or banking information about you.

What can you do?

While the overall risk is low, we encourage you to be vigilant and to mitigate any potential harm by taking the following steps to protect yourself:

  • Monitor your financial accounts. If you see anything you do not understand or that looks suspicious, or if you suspect that any fraudulent transactions have taken place on a credit or debit card, you should call your bank.
  • Change and create strong passwords for any online accounts, in particular those that use or relate to your social insurance number.
  • Be cautious of any unsolicited communications via any channel (phone call, email, etc.) that ask for your personal information or refer you to a web page asking for personal information.
  • Avoid clicking on links or downloading attachments from suspicious emails.
  • Report an incident to the appropriate authorities if you notice any suspicious activity.
  • If you suspect misuse of your health card number, you can report suspected cases of fraud by calling the Ministry of Health and Long-Term Care at 1-888-781-5556 or e-mail at

Additional tips and resources for protecting your identity are available at

Other steps we are taking

We have reported the incident to the Information and Privacy Commissioner/Ontario (“IPC”) and an investigation file has been opened. While you are entitled to file a complaint, the IPC has advised that it is not necessary as they are already investigating the matter. You can visit the IPC’s website at

Should you have any questions regarding this incident, please contact us at 519-682-2307 and press 6.Please leave a message clearly stating your name, date and a phone number and a team member will follow up with you within 48 hours. Please note that this line is intended for questions related to the breach notification only. Unrelated messages will not be returned.


We regret any concern that this incident will cause for our patients, and we sincerely apologize.



Sara Dalo
Executive Director