An investigation into a cyber-attack on the Newfoundland and Labrador health care system in October revealed that more data was stolen than originally anticipated, the provincial government said. Speaking to the media Wednesday morning, Eastern Health CEO David Diamond said more than 200,000 files had been downloaded from an Eastern Health Network drive that may contain patient and employee information dating back to 1996. Initial reports stated that the breach of data by Eastern Health’s employees lasted until 2008. “We are currently doing the work, undertaking a manual review to determine the exact number of files that contained personal health information or personal information,” he said. Health Minister John Haggie said work was under way to alert people whose information had been stolen and to provide them with credit tracking and identity theft protection services at no cost. “We are obviously sorry that this happened,” Haggie said. “At this stage of the investigation we understand well the information involved in this incident.” Wednesday marked the county’s first cyber-attack briefing since December, when Diamond told reporters the system had to be rebuilt from scratch after some services had to be shut down for weeks. The attack, which was discovered by officials on October 30 and made public two weeks later, delayed thousands of appointments, procedures and the province’s COVID-19 test program. Haggie told reporters at the time in the “data center brain” that the powers of the province’s healthcare system had been eroded. Diamond said Wednesday that the stolen information could include medical diagnoses, procedure type and MCP numbers, as well as human resources and administrative information. “As far as personal financial and health information is concerned, we do not know if any of it has been misused at this point,” Diamond said. “There is a lot of surveillance with the cyber experts we have, people who search the dark web and try to make sure that if something was abused, we would know. We do not see it.” He said the registration deadline for Equifax’s credit monitoring service has been extended until the end of the year and a portal is being developed to facilitate the registration process. The portal is expected to be released within the next two weeks, he said, adding that Eastern Health continues to implement further IT security measures. See the full March 30 update:
Identification of victims
As more information is confirmed, letters will be mailed to affected individuals informing them of the details of the breach, Diamond said. Anyone with questions can contact Eastern Health’s Office of Personal Data Protection, he said. Diamond said the number of people affected may be in the thousands, but the number will become clearer as the investigation continues. Haggie did not provide details on who was responsible for the attack, citing security sources and parts of the investigation that are still ongoing by other organizations. He also could not say how much the cyber attack and the search in the province have cost so far. “We have been informed by our security advisers, local, national and international, that providing details about the incident beyond a certain point would be pointless and potentially jeopardize our ability to provide services in the future,” Haggie said. Sources told CBC News that the attack was ransomware: an attack in which hackers invade a network, activate software to encrypt data on the network and demand payment in order to decrypt the data, holding the network and its owner hostage. Provincial officials have been concerned about whether the attack was ransomware and whether financial demands were made – or whether they were satisfied. Asked again on Wednesday if the provincial government had paid a ransom to regain access to its information systems, Haggie said: “I will not answer that question.” Read more from CBC Newfoundland and Labrador
