Newfoundland is now admitting that personal and health information of some patients and hospital staff was copied by those behind the cyberattack on the province’s health care IT systems.
As a result the government is urging people who have been patients in or worked for two health districts to monitor their bank statements for suspicious activity. Suspicious activity may also be detected by credit rating agencies such as Equifax Canada and TransUnion Canada.
Impacted information includes data about current and former employees and patients of the Eastern Health region — which includes the provincial capital of St. John’s — from about the last 14 years, and the Labrador-Grenfell Health region for approximately the last nine years.
For patients, it includes basic information that is typically logged or used for a patient visit, such as name, address, health care number, who was visited, reason for the visit, your doctor, phone number, birth date, email address for notifications, in-patient/out-patient, mother’s maiden name, and marital status.
For current and former employees, the information includes name, address, contact information, and Social Insurance Number. There is no evidence that banking information of employees was involved, the government says.
Premier Andrew Furey told reporters at a Tuesday afternoon press conference the exact number of people affected is still being investigated. However, Eastern Health CEO David Diamond told reporters than anyone who has been to hospitals in his regionin the last 14 years should assume their data has been stolen.
Furey said that the government confirmed the data theft late yesterday.
“We are currently looking into options for the provision of credit monitoring and identity protection services to monitor credit, with regular reports and access to credit scores which notify users of unexpected changes,” the government said in a statement on its website.
The RCMP as well as the Information and Privacy Commissioner for Newfoundland and Labrador have been notified of the data theft.
Meanwhile IT teams continue to try to restore health care systems. The government said some health records may not be immediately available when service is restored. “Our teams are working to backfill this information,” the government said.
MORE TO COME