Newfoundland and Labrador health system attackers copied 200,000 patient and employee files

Share post:

The number of patients and employees affected by last year’s hack of the Newfoundland and Labrador healthcare systems continues to grow. In a call with reporters on Wednesday, David Diamond, chief executive officer of the province’s Eastern Health district, said over 200,000 files were copied from a network drive in what is widely believed to have been a ransomware attack. Officials are manually combing through the data to clarify how much of it included personally identifiable information. The government has been cautious with putting a number on the possible victims, saying that social insurance numbers of 2,541 patients – of whom 1,200 are still alive – were copied by the hackers. The government initially thought stolen data went back only as far as 2008. But its latest statements added more detail. “Over 200,000 files were taken from a network drive at Eastern Health’s IT environment,” he said. “A portion of that may contain patient information and employee information. We’re currently doing a manual review to determine the exact number of files that contained personal health or personal information. A number of these files contained personal information, and from various time periods, some dating back to 1996. “This information may include medical diagnosis, procedure type, MCP (medical care plan) number, and health care provider information for some health care services that are provided by laboratory medicine, in surgery, cancer care, and cardiology programs among others. It also may include human resources and administrative information.” Because persons may have been entered into the system several times for multiple healthcare treatments the 200,000 files don’t necessarily represent 200,000 people. In total, Diamond said, there could be “thousands” of individuals affected. It may take six to eight weeks to get a final total. Those affected are starting to be notified and will be given free credit monitoring services. He also said the district realized on February 25th that over 200,000 files were copied. Provincial health minister John Haggie continued refusing to answer questions on who was behind the attack, saying he’d been advised by experts not to comment for security reasons. Nor were there details about the cost so far of repairing the IT network or whether a ransom was paid. An estimate of network repair costs will be available in the upcoming provincial budget. The “initial threat has been contained and our health services have been restored” across the province, he said. Diamond, who described the attack as a “massive incident,” said his district’s IT system is “pretty much” back to normal. Diamond did say that in addition to network repairs “there’s been lots of rigor now around passwords and multifactor authentication and [security awareness] training opportunities for staff at all levels around cyber.” “We understand now more than ever the importance of continued vigilance and the need to strengthen our systems to prevent future attacks,” Haggie also said. An investigation into the attack continues, involving the provincial privacy commissioner, the RCMP, and other unnamed organizations. The post Newfoundland and Labrador health system attackers copied 200,000 patient and employee files first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Cyber Security Today, Week in Review for Friday, December 1, 2023

This episode features a discussion on ransomware, the latest explanation from Okta of a support hack and a survey of infosec pros whose firms w

Cyber Security Today, Dec. 1, 2023 podcast – More on compromises

This episode reports on the sanctioning of the Sinbad crypto mixe

All Okta customer support users had their email addresses copied

Identity and access provider Okta now says the threat actor who accessed its customer help desk system last month got the names and email addresses of all contacts of organizations that use its support system. Originally, the company said that, after an investigation, it determined only one per cent of the contacts from its 18,000

Failure of technology to detect attacks is a prime cause of breaches: Survey

Despite the money being poured into cybersecurity by IT departments, the leading cause of breaches of security controls was the failure of technology to detect an attack, a new survey from Trellix suggests. Forty-two per cent of respondents to the international survey of infosec leaders whose organization had suffered a recent cyber attack said their

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways