Saturday, January 22, 2022

Newfoundland attackers got personal data of patients, hospital workers

Newfoundland is now admitting that personal and health information of some patients and hospital staff was accessed by those behind the cyberattack on the province’s health care IT systems.

As a result the government is urging people who have been patients in or worked for two health districts to monitor their bank statements for suspicious activity. Suspicious activity may also be detected by credit rating agencies such as Equifax Canada and TransUnion Canada.

Impacted information includes data about current and former employees and patients of the Eastern Health region — which includes the provincial capital of St. John’s — from about the last 14 years, and the Labrador-Grenfell Health region for approximately the last nine years.

UPDATE: On Wednesday the government said some patient data going back 13 years held by the Central Health Authority was also accessed by the attackers. In addition, it believes some data of employees was also accessed, although that had not been confirmed.

Justice Minister John Hogan emphasized that the government is certain the data was “accessed” by attackers. “Access to data does not mean that it was copied, does not mean it was taken,” he said.

For patients, the accessed data includes basic information that is typically logged or used for a patient visit, such as name, address, health care number, who was visited, reason for the visit, your doctor, phone number, birth date, email address for notifications, in-patient/out-patient, mother’s maiden name, and marital status.

For current and former employeesthe information includes name, address, contact information, and Social Insurance Number. There is no evidence that banking information of employees was involved, the government says.

Premier Andrew Furey told reporters at a Tuesday afternoon press conference the exact number of people affected is still being investigated. However, Eastern Health CEO David Diamond told reporters that anyone who has been to hospitals in his region in the last 14 years should assume their data has been stolen.

UPDATE: On Wednesday the government still couldn’t say how many people might be affected. “The period involved is lengthy,” Health Minister John Haggie said. “We don’t have detailed numbers. but if you look at the average interaction between the public and the healthcare system — and bear in mind that three out of the four regional health authorities have been affected — our figures show about 400,000 interactions between the public and the healthcare system per year. So the math could be quite large.”

UPDATE: The provincial information and privacy commissioner has launched an investigation into the breach.

Furey said that the government confirmed the data theft late on Monday, November 8th.

“We are currently looking into options for the provision of credit monitoring and identity protection services to monitor credit, with regular reports and access to credit scores which notify users of unexpected changes,” the government said in a statement on its website.

The RCMP as well as the Information and Privacy Commissioner for Newfoundland and Labrador have been notified of the data theft.

Meanwhile IT teams continue to try to restore health care systems. The government said some health records may not be immediately available when service is restored. “Our teams are working to backfill this information,” the government said.

MORE TO COME

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

After being all-digital last year, the Consumer Electronics Show is back in Las Vegas for 2022. Find all the latest news and announcements from the showroom floor at CES 2022.

Related Tech News