Hackers were able to steal personal information related to both patients and employees of the Eastern Health and Labrador-Grenfell health regions of the Newfoundland and Labrador health system in a recent cyberattack, according to the report. officials.
The information was accessed through the province’s Meditech data repository, which includes a database of patient information as well as basic communication tools like email.
According to government officials, the breach includes basic information collected when a patient registers for an appointment – including names, birthdays, addresses, MCP numbers, the person’s family doctor, l marital status and hours of hospitalization and outpatient consultation. There is no indication that vendor information was included in the breach, according to Health Minister John Haggie.
Asked about the breach, Eastern Health CEO David Diamond said health officials in the province were “devastated” by the breach, and said he sympathized with those who believed their information might now be in between. bad hands.
“The personal health information that is available in the registration conversation is limited, but it is there,” he said.
The attackers were also able to gain access to employee-related information – Eastern Health employees who have worked for the past 14 years or so and Labrador-Grenfell Health employees for the past nine or so years.
This hacked information includes names, addresses, contact details and social insurance numbers. Haggie said there was no indication that banking information was included in the breach.
Diamond said anyone who has been a patient of Eastern Health for the past 14 years should assume their data has been stolen.
Watch the full briefing here:
Diamond said health officials in the province had insurance to cover losses caused by ransomware or a cyber attack, but added that there were no estimates yet of what the attack could cost the company. province.
According to officials at the Newfoundland and Labrador Health Information Center, the attackers obtained the data in an unencrypted state, meaning it was not blocked by a security measure. It is not known how many people are affected, as the systems storing the information have not yet been restored.
The province said there was no evidence that information obtained in the attack was misused.
Officials say they believe no information has been viewed in the western health region of the province, while an investigation continues in the central health region.
“It’s not someone else’s problem, it’s everyone’s problem. An attack on one is an attack on all,” Prime Minister Andrew Furey said in a statement. press conference held Tuesday afternoon.
The government says that the Office of the Information and Privacy Commissioner has been contacted about this, as well as the Canadian Center for Cyber Security and the Royal Canadian Mounted Police.
They also point to a public notification process also underway, which will include steps people can take to protect their information, such as monitoring banking and financial information for any unusual activity. The material will be available online to the public at 6 p.m. NT, with a toll-free phone system launched Wednesday morning.
The province will provide credit monitoring services.
Justice Minister John Hogan has said he could prevent identity theft using the stolen data.
“Anyone can use this information, any information they have, to steal someone’s identity. They could be on the other side of the country, anywhere in the world,” he said. Hogan said.
“Just by checking your credit report, you’ll see if that information is being used. You will be aware of it, you can call the banks, you can call the police, you can get it dealt with before serious consequences occur. . “
Haggie said the province is trying to be as open as possible about the attack, but is limited in what it can say at this time.
“We try to be as open and transparent as possible,” he said. “But we also have to be careful of watching third parties. Literally, let’s watch as we are doing right now.”
The update comes 10 days after the cyberattack shut down health services across the province.
Emergency services continued everywhere and chemotherapy and radiation treatments resumed across the province. The appointment booking and rebooking services are still affected.
The government has not acknowledged whether or not the attack was ransomware.
Ransomware attacks involve malicious software accessing and preventing the use of critical computer files, followed by a demand for payment to restore those files.
Meanwhile, the province’s COVID-19 travel form and self-assessment tool have been restored and are now available online.
Read more articles from CBC Newfoundland and Labrador
“Travel aficionado. Twitter scholar. Writer. Extreme coffee guru. Evil pop culture fanatic.”