NL cyberattack grows with social insurance data breach
ST. JOHN’S, NL – Newfoundland and Labrador officials revealed Tuesday that the personal data of everyone who was tested for COVID-19 in the province was stolen by hackers following a cyberattack on October 30 that targeted the province’s health care system.
The head of the province’s largest health agency told reporters the breach also involved the social insurance numbers of 2,514 patients – 1,025 of whom are still alive – although medical staff do not request that information.
Eastern Health president David Diamond said when a patient signs up, there’s an unnecessary input field for a social security number.
“We really don’t see that there’s ever been a need for a social security number to be collected that way,” he said Tuesday during a briefing in St. John’s. “And so we think that in many cases this could simply be due to human error, because the field is already there.” Diamond said officials are putting in place a “mitigation plan” to ensure this information is not re-collected.
Although the attack hit provincial healthcare networks about a month and a half ago, its impact is still being discovered. On Tuesday, officials confirmed that patient or staff data from all four of the province’s health authorities had been stolen by the perpetrators, some of which dates back 28 years. It was previously believed that only three of the authorities were affected.
Diamond also revealed Tuesday that anyone whose blood test results have been sent to Eastern Health for analysis over the past 11 years was part of the data breach. However, the hackers did not have access to test results, including COVID-19 tests, he said. He could not say in total how many patients and staff were affected by the breaches.
As has been the practice of the government since the attack was first announced, Attorney General John Hogan gave no specifics about the nature of the attack and declined to say whether a ransom had been paid. “There has been, is and will be an ongoing security issue here,” he said. “The advice we get from the experts is to say what we’ve said and say nothing more at this stage.”
Hogan described the privacy breach related to the attack as “one of the largest we’ve seen in the country,” although its scale is clearly still being assessed.
As for the affected systems, Diamond said they are being rebuilt from the ground up using backups.
“We estimate we are 65 or 70 per cent of the way there,” he said. “And with the manual workarounds and other innovative ways that clinicians have been doing, our services are back up, though not necessarily at 100%.”
This Canadian Press report was first published on December 14, 2021.