College of Nurses of Ontario

The College of Nurses of Ontario (CNO) is the statutory regulatory body for the nursing profession in the Canadian province of Ontario. It is mandated to protect the public by regulating the practice of nursing and setting standards for entry to the profession, ongoing competence, and professional conduct. The CNO accomplishes this through licensing nurses, accrediting nursing education programs, and administering a public register of all nurses authorized to practice in the province. This register includes registered nurses, registered practical nurses, and nurse practitioners, serving as a key resource for public verification of a nurse's credentials and standing. The organization's core services are therefore centered on regulatory compliance, discipline, and maintaining a transparent, accessible record of qualified professionals for Ontario's healthcare system. Its authority and scope are explicitly tied to the province of Ontario under the Regulated Health Professions Act, making it a cornerstone of healthcare governance within that jurisdiction.

The CNO distinguishes itself by its legally enforced, public-protection mandate, which is separate from the advocacy or educational roles of professional nursing associations. Its scale is defined by its responsibility for regulating over 180,000 nursing professionals, a significant portion of Ontario's health workforce. A notable event in its recent history was a ransomware attack in September 2020 perpetrated by the Netwalker cybercrime gang. This incident directly impacted its core operations, causing temporary unavailability of critical services including the public registry and membership portal. The attackers claimed to have exfiltrated human resources data, prompting an investigation into the potential compromise of personal information for the entire registrant base. The CNO engaged external cybersecurity experts for immediate containment and response. This event underscored the organization's role as a custodian of highly sensitive personal data and its vulnerability within the broader landscape of cyber threats targeting the healthcare sector, a trend previously highlighted by federal law enforcement warnings.