Information and Updates on Cyber Incident - Health and Community Services
Health and Community Services > Information and Updates on Cyber Incident
Information and Updates on Cyber Incident
On Saturday October 30, 2021, a cyber incident impacted critical IT systems supporting healthcare providers in Newfoundland and Labrador. Thanks to the significant efforts of teams from across our healthcare system most services have been restored and the investigation continues into the nature and impact of the incident.
This page provides key information, Frequently Asked Questions (FAQ), and other resources to help explain what happened, what we know so far, and where we are in the recovery process.
Updates and information will be shared on this page as they become available. Please check back regularly for the most recent developments.
Current Incident Update
Last Updated – December 20, 2021
Thanks to the significant efforts of teams across our healthcare system, most services have been restored. We want to thank the employees of the Regional Health Authorities (RHAs) and Newfoundland and Labrador Centre for Health Information (NLCHI) who have supported these efforts to date, and who continued to provide critical care and services during this challenging time.
The investigation into the nature and impact of the incident is ongoing. These investigations are complex and require detailed analysis to determine the exact nature of the information involved. It is expected that new details will continue to be identified as the investigation and analysis continue, and we will continue to provide additional updates.
Please see below updates related to the cyberattack:
Social Insurance Numbers (SINs) Breached for a Small Number of Patients
Social insurance numbers for a relatively small group of patients were involved in this breach. A total of 2,514 patients had SINs breached, and because more than half of these patients are deceased, approximately 1,025 patients will receive direct notification from either Eastern Health, Central Health or Labrador-Grenfell Health.
Direct notification letters will be sent from impacted Regional Health Authorities to those patients whose SIN was breached in the coming week with an offer of five (5) years of credit monitoring and identify theft protection at no cost.
RHA Patients with Bloodwork and Specimens Analyzed at Eastern Health Provincial Lab
Patients who had specialized bloodwork and specimens collected at any Regional Health Authority, including Western Health, or private clinics, where the blood or specimens had to be analyzed by Eastern Health in the last 11 years, had their personal health information collected during registration and are involved in this breach. This includes COVID testing that was processed in the provincial lab at Eastern Health.
It is important to note that this does not include any test results, but the personal health information provided at registration.
Any patient who had their personal health information impacted in this breach can enroll for two (2) years of credit monitoring and identify theft protection services from Equifax.
Employee information involved information such as name, address, contact information and Social Insurance Number (SIN). There is no evidence that banking information of employees was involved. The date ranges for RHA employees and former employees have been updated, as follows:
Eastern Health for about the last 28 years (+14 years)
Labrador-Grenfell Health for about the last 8 years (-1 year)
Central Health for about the last 28 years (+15 years)
There continues to be no evidence that Western Health employee data was impacted by the breach.
Some of the patient information involved is the information that is typically logged and used when a person comes for an appointment, such as name, address, health care number (MCP), reason for visit, their doctor, phone number, birth date, email address for notifications, in-patient/out-patient status, maiden name and marital status.
The updated information and date ranges of the breach for patients are as follows:
Eastern Health for about the last 11 years (-3 years)
Labrador-Grenfell Health for about the last 8 years (-1 year)
Central Health for about the last 15 years (+2 years)
Western Health (only includes patients of RHAs and private clinics for specialized bloodwork and specimens that were sent to Eastern Health for analysis) – 11 years
Credit monitoring and identify theft protection services through Equifax are available for five (5) years free of charge for any employee or patient who had their SINs breached, and for patients with personal health information breached this service is available for two (2) years.
Additional information is available here. To access Equifax credit monitoring services, please call 1-833-718-3021.
Everyone is encouraged to remain vigilant and take steps to protect their information. If you notice any unusual activity in any of your accounts or your account statements, please contact your service providers such as your bank, or report this activity to law enforcement. Further information on how to protect your information is available here.
The investigation is still ongoing and such complex investigations require detailed analysis to determine the exact nature of the information involved. It is expected that new details will continue to be identified as the investigation and analysis continues, and government will continue to provide additional updates, as they become available.
Frequently Asked Questions
As our investigation is ongoing, the information below may change and will be updated as needed.
PRIVACY BREACH
What is the privacy breach?
Although the investigation is still ongoing, at this stage, it has been determined that some personal information (PI) and personal health information (PHI) relating to employees, former employees, and patients was taken from our systems. We have issued a public notice and notified employees and former employees of this incident. Anyone who had their social insurance number (SIN) breached will receive a letter in the mail. The appropriate regulatory authorities have been notified, and we will continue to meet our obligations pertaining to notification and reporting.
What happened?
As a result of the ongoing investigation into the cyberattack, it has been determined that some personal information (PI) and personal health information (PHI) was taken from our systems.
The appropriate authorities have been contacted, including the Office of the Information and Privacy Commissioner (OIPC) of Newfoundland and Labrador, and the Canadian Centre for Cyber Security. The RCMP have been notified and are continuing to investigate the incident.
Who was impacted by this?
While our investigation is ongoing and information may change as more information becomes available, we have identified that some personal information (PI) of current and former employees of Eastern Health, Central Health, and Labrador-Grenfell Health is involved. As well, it has been determined that some personal health information (PHI) of patients of all health authorities Eastern Health, Labrador-Grenfell Health, Central Health, and Western Health is involved.
The date ranges for the breach of information about employees have been updated, as follows:
Eastern Health for about the last 28 years
Labrador-Grenfell Health for about the last 8 years, and
Central Health for about the last 28 years.
There continues to be no evidence of data being taken relating to the Newfoundland and Labrador Centre for Health Information (NLCHI) employees or Western Health employees.
The date ranges for the breach of information about patients have been updated, as follows:
Eastern Health for about the last 11 years
Labrador-Grenfell Health for about the last 8 years
Central Health for about the last 15 years
Western Health (only includes patients of RHAs and private clinics for specialized bloodwork and specimens that were sent to Eastern Health for analysis) for about the last11 years
What information was impacted?
We continue to have no information that any personal information (PI) or personal health information (PHI) has been misused in relation to this incident.
For current and former employees, the information includes name, address, contact information, and Social Insurance Number (SIN), and employee user IDs. There is no evidence that banking information of employees was involved.
SINs for a relatively small group of patients were involved in this breach. A total of 2,514 patients had SINs breached, and because more than half of these patients are deceased, approximately 1,025 patients will receive direct notification.
For patients, the information involved includes basic information that is typically logged for a patient visit, such as name, address, health care number (MCP), who you are visiting, reason for visit, your doctor, phone number, and birth date, email address for notifications, in patient/out-patient, maiden name, marital status, race, and religion.
How many people are affected by this breach?
We are still actively investigating this breach, so we unable to provide those details at this time. It was important to us that we notify employees and patients in a timely manner, out of an abundance of caution, so you can take steps to protect your personal information.
How much information was stolen in this attack?
We are still assessing the extent of the information obtained in this incident. What we do know is that some personal information of patient and current and former employees was taken from our systems and some personal health information of patients.
What are you doing about this?
We are taking this matter very seriously. Upon learning of this incident, we immediately commenced an investigation and have worked closely with leading cyber security experts to contain the incident and to seek to identify any impacts to personal information.
The appropriate authorities have been contacted, including the OIPC and the Canadian Centre for Cyber Security. The RCMP have been notified and are continuing to investigate the incident.
We have also taken the step of providing public notification regarding the incident, out of an abundance of caution, including information about what steps individuals can take to protect their information and we are making available credit monitoring protection described below.
We are also providing credit protection and identity theft protection services through Equifax to monitor the credit of former and current employees which will provide regular reports and access to your credit score.
What can I do to protect my information?
We encourage individuals to remain vigilant, as always, regarding their personal information by monitoring your banking and financial information for any unusual activity, using strong passwords, and changing them regularly, keeping your passwords safe and hidden, ensuring your antivirus software is up to date, and not opening email attachments that look suspicious.
There are other steps you can take to protect your information, or if you suspect you’ve been the victim of identify theft:
Call Equifax or TransUnion Canada to get a copy of Credit Report.
If you suspect that your social insurance number is being used fraudulently, Service Canada advises filing a complaint with the police.
Contact the Canadian Anti-Fraud Centre at 1-888-495-8501.
Inform your bank and creditors by phone and in writing about any irregularities.
Report any irregularities in your mail delivery to Canada Post, for example, opened envelopes, missing financial statements or documents.
Visit a Service Canada office and bring all the necessary documents with you proving fraud or misuse of your SIN.
Fraud Alert: You may want to discuss with Equifax and TransUnion Canada whether you should have a fraud alert placed on your credit report by contacting them using the contact information above.
Alert the Canada Revenue Agency (CRA): You can report suspected fraud or identify theft with the CRA by calling them at 1-800-959-8281.
Additional Information: For additional information about steps you can take to protect your information, please see Digital Government and Service NL’s guidance on “Reducing the Risk of Identity Theft”
How can I find out if it directly affects me?
Patients of Eastern Health about the last 11 years, Labrador Grenfell Health for about the last 8 years, Central Health and for about the last 15 years, as well as those patients of Western Health or private clinics who had specialized bloodwork and specimens collected that were sent to Eastern Health for analysis for about the last 11 years.
Employees and former employees of Eastern Health for about the last 28 years, Labrador-Grenfell Health for about the last 8 years, and Central Health for about the last 28 years.
We encourage anyone who falls into those categories to take the steps described above to protect your information.
How will I know if my blood or specimens were sent to Eastern Health for processing?
Patients who believe or have concerns that they may have been impacted based on the timeframes and information provided, are able to sign up for the free credit monitoring service. You may call 1-833-718-3021 and request the free 2-year credit monitoring service. If you are a former or current patient and you have been notified that your SIN was breached you may enroll in the credit monitoring service for five years.
Are former employees affected by this breach?
We have identified that some personal information about current and former employees of Eastern Health from about the last 28 years, Labrador Grenfell Health for approximately the last 8 years, and Central Health from about the last 28 years has been taken from our systems.
There continues to be no evidence of information being taken relating to the Newfoundland and Labrador Centre for Health Information (NLCHI), or Western Health employees or former employees.
Current and former employees can enroll for the credit monitoring and identity theft protection services for five years by calling 1-833-718-3021.
What if I want to file a complaint?
The Office of the Information and Privacy Commissioner will conduct an investigation in relation to the incident. Please note that under the Access to Information and Protection of Privacy Act and the Personal Health Information Act you have a right to file a complaint with the commissioner’s office regarding a breach of privacy or if you are not satisfied with the measures taken regarding the breach. The Commissioner may be contacted as follows:
Office of the Information and Privacy Commissioner
2 Canada Drive
P.O. Box 13004, Station “A”
St. John’s NL, A1B 3V8
Telephone: 709-729-6309
Email: [email protected]
Is the issue resolved?
We are working closely with leading experts to continue to investigate the matter and we are taking steps to prevent it from happening again.
RESOURCES
Who can former and current employees and patients contact for further information?
A provincial IT Outage website has been set up for information for employees, physicians, partners, and the public.
A Provincial Call Centre has been set up for former and current patients and employees and can be reached at 1-833-718-3021.
Provincial Mental Health Crisis Line offers telephone support for people in crisis, available 24/7, and provided by trained mental health clinicians. Call 1-888-737-4668 if you or someone you know is in crisis.
CHANNAL Warm Line is a non-emergency, non-crisis telephone support and referral service provided by trained peer support workers who are there and ready to listen. Available 7 days a week, 9:00 a.m. to midnight. Call 1-855-753-2560 for support.
Bridge the gapp is Newfoundland and Labrador’s trusted source for mental health and substance use information and connection to local supports and services. Individuals accessing this site can also sign up for online programming, use tools, and share personal stories of recovery with others. For more details visit www.bridgethegapp.caOpens in new window.
Doorways Mental Health Walk-in Clinics provide rapid access to non-emergency mental health and addictions counselling services. Available in 60 locations throughout the province. Most locations offer same-day walk-in services with no appointment or referral required. Doorways is a counselling option, but also a doorway or access point for other ongoing counselling services.
MindWell-U 30-Day Mindfulness Challenge offers mindfulness training online, which includes guided activities and a 30-day online mindfulness challenge, available in English and French. The challenge only takes 5 to 10 minutes a day and is accessible by visiting www.bridgethegapp.caOpens in new window.
Therapy Assistance Online (TAO) is an online platform that provides education and skill building for individual’s mental wellness. TAO is available as a self-guided option or clinician-assisted option and covers a variety of topics such as alcohol and substance use, grief and loss, depression, stress, anxiety, and pain management.
The Federal Government offers a number of services nationally that can be accessed via the Wellness Together Canada Portal.
Information and Updates on Cyber Incident
On Saturday October 30, 2021, a cyber incident impacted critical IT systems supporting healthcare providers in Newfoundland and Labrador. Thanks to the significant efforts of teams from across our healthcare system most services have been restored and the investigation continues into the nature and impact of the incident.
This page provides key information, Frequently Asked Questions (FAQ), and other resources to help explain what happened, what we know so far, and where we are in the recovery process.
Updates and information will be shared on this page as they become available. Please check back regularly for the most recent developments.
Current Incident Update
Last Updated – December 20, 2021
Thanks to the significant efforts of teams across our healthcare system, most services have been restored. We want to thank the employees of the Regional Health Authorities (RHAs) and Newfoundland and Labrador Centre for Health Information (NLCHI) who have supported these efforts to date, and who continued to provide critical care and services during this challenging time.
The investigation into the nature and impact of the incident is ongoing. These investigations are complex and require detailed analysis to determine the exact nature of the information involved. It is expected that new details will continue to be identified as the investigation and analysis continue, and we will continue to provide additional updates.
Please see below updates related to the cyberattack:
Social Insurance Numbers (SINs) Breached for a Small Number of Patients
Social insurance numbers for a relatively small group of patients were involved in this breach. A total of 2,514 patients had SINs breached, and because more than half of these patients are deceased, approximately 1,025 patients will receive direct notification from either Eastern Health, Central Health or Labrador-Grenfell Health.
Direct notification letters will be sent from impacted Regional Health Authorities to those patients whose SIN was breached in the coming week with an offer of five (5) years of credit monitoring and identify theft protection at no cost.
RHA Patients with Bloodwork and Specimens Analyzed at Eastern Health Provincial Lab
Patients who had specialized bloodwork and specimens collected at any Regional Health Authority, including Western Health, or private clinics, where the blood or specimens had to be analyzed by Eastern Health in the last 11 years, had their personal health information collected during registration and are involved in this breach. This includes COVID testing that was processed in the provincial lab at Eastern Health.
It is important to note that this does not include any test results, but the personal health information provided at registration.
Any patient who had their personal health information impacted in this breach can enroll for two (2) years of credit monitoring and identify theft protection services from Equifax.
Employee information involved information such as name, address, contact information and Social Insurance Number (SIN). There is no evidence that banking information of employees was involved. The date ranges for RHA employees and former employees have been updated, as follows:
Eastern Health for about the last 28 years (+14 years)
Labrador-Grenfell Health for about the last 8 years (-1 year)
Central Health for about the last 28 years (+15 years)
There continues to be no evidence that Western Health employee data was impacted by the breach.
Some of the patient information involved is the information that is typically logged and used when a person comes for an appointment, such as name, address, health care number (MCP), reason for visit, their doctor, phone number, birth date, email address for notifications, in-patient/out-patient status, maiden name and marital status.
The updated information and date ranges of the breach for patients are as follows:
Eastern Health for about the last 11 years (-3 years)
Labrador-Grenfell Health for about the last 8 years (-1 year)
Central Health for about the last 15 years (+2 years)
Western Health (only includes patients of RHAs and private clinics for specialized bloodwork and specimens that were sent to Eastern Health for analysis) – 11 years
Credit monitoring and identify theft protection services through Equifax are available for five (5) years free of charge for any employee or patient who had their SINs breached, and for patients with personal health information breached this service is available for two (2) years.
Additional information is available here. To access Equifax credit monitoring services, please call 1-833-718-3021.
Everyone is encouraged to remain vigilant and take steps to protect their information. If you notice any unusual activity in any of your accounts or your account statements, please contact your service providers such as your bank, or report this activity to law enforcement. Further information on how to protect your information is available here.
The investigation is still ongoing and such complex investigations require detailed analysis to determine the exact nature of the information involved. It is expected that new details will continue to be identified as the investigation and analysis continues, and government will continue to provide additional updates, as they become available.
Frequently Asked Questions
As our investigation is ongoing, the information below may change and will be updated as needed.
PRIVACY BREACH
What is the privacy breach?
Although the investigation is still ongoing, at this stage, it has been determined that some personal information (PI) and personal health information (PHI) relating to employees, former employees, and patients was taken from our systems. We have issued a public notice and notified employees and former employees of this incident. Anyone who had their social insurance number (SIN) breached will receive a letter in the mail. The appropriate regulatory authorities have been notified, and we will continue to meet our obligations pertaining to notification and reporting.
What happened?
As a result of the ongoing investigation into the cyberattack, it has been determined that some personal information (PI) and personal health information (PHI) was taken from our systems.
The appropriate authorities have been contacted, including the Office of the Information and Privacy Commissioner (OIPC) of Newfoundland and Labrador, and the Canadian Centre for Cyber Security. The RCMP have been notified and are continuing to investigate the incident.
Who was impacted by this?
While our investigation is ongoing and information may change as more information becomes available, we have identified that some personal information (PI) of current and former employees of Eastern Health, Central Health, and Labrador-Grenfell Health is involved. As well, it has been determined that some personal health information (PHI) of patients of all health authorities Eastern Health, Labrador-Grenfell Health, Central Health, and Western Health is involved.
The date ranges for the breach of information about employees have been updated, as follows:
Eastern Health for about the last 28 years
Labrador-Grenfell Health for about the last 8 years, and
Central Health for about the last 28 years.
There continues to be no evidence of data being taken relating to the Newfoundland and Labrador Centre for Health Information (NLCHI) employees or Western Health employees.
The date ranges for the breach of information about patients have been updated, as follows:
Eastern Health for about the last 11 years
Labrador-Grenfell Health for about the last 8 years
Central Health for about the last 15 years
Western Health (only includes patients of RHAs and private clinics for specialized bloodwork and specimens that were sent to Eastern Health for analysis) for about the last11 years
What information was impacted?
We continue to have no information that any personal information (PI) or personal health information (PHI) has been misused in relation to this incident.
For current and former employees, the information includes name, address, contact information, and Social Insurance Number (SIN), and employee user IDs. There is no evidence that banking information of employees was involved.
SINs for a relatively small group of patients were involved in this breach. A total of 2,514 patients had SINs breached, and because more than half of these patients are deceased, approximately 1,025 patients will receive direct notification.
For patients, the information involved includes basic information that is typically logged for a patient visit, such as name, address, health care number (MCP), who you are visiting, reason for visit, your doctor, phone number, and birth date, email address for notifications, in patient/out-patient, maiden name, marital status, race, and religion.
How many people are affected by this breach?
We are still actively investigating this breach, so we unable to provide those details at this time. It was important to us that we notify employees and patients in a timely manner, out of an abundance of caution, so you can take steps to protect your personal information.
How much information was stolen in this attack?
We are still assessing the extent of the information obtained in this incident. What we do know is that some personal information of patient and current and former employees was taken from our systems and some personal health information of patients.
What are you doing about this?
We are taking this matter very seriously. Upon learning of this incident, we immediately commenced an investigation and have worked closely with leading cyber security experts to contain the incident and to seek to identify any impacts to personal information.
The appropriate authorities have been contacted, including the OIPC and the Canadian Centre for Cyber Security. The RCMP have been notified and are continuing to investigate the incident.
We have also taken the step of providing public notification regarding the incident, out of an abundance of caution, including information about what steps individuals can take to protect their information and we are making available credit monitoring protection described below.
We are also providing credit protection and identity theft protection services through Equifax to monitor the credit of former and current employees which will provide regular reports and access to your credit score.
What can I do to protect my information?
We encourage individuals to remain vigilant, as always, regarding their personal information by monitoring your banking and financial information for any unusual activity, using strong passwords, and changing them regularly, keeping your passwords safe and hidden, ensuring your antivirus software is up to date, and not opening email attachments that look suspicious.
There are other steps you can take to protect your information, or if you suspect you’ve been the victim of identify theft:
Call Equifax or TransUnion Canada to get a copy of Credit Report.
If you suspect that your social insurance number is being used fraudulently, Service Canada advises filing a complaint with the police.
Contact the Canadian Anti-Fraud Centre at 1-888-495-8501.
Inform your bank and creditors by phone and in writing about any irregularities.
Report any irregularities in your mail delivery to Canada Post, for example, opened envelopes, missing financial statements or documents.
Visit a Service Canada office and bring all the necessary documents with you proving fraud or misuse of your SIN.
Fraud Alert: You may want to discuss with Equifax and TransUnion Canada whether you should have a fraud alert placed on your credit report by contacting them using the contact information above.
Alert the Canada Revenue Agency (CRA): You can report suspected fraud or identify theft with the CRA by calling them at 1-800-959-8281.
Additional Information: For additional information about steps you can take to protect your information, please see Digital Government and Service NL’s guidance on “Reducing the Risk of Identity Theft”
How can I find out if it directly affects me?
Patients of Eastern Health about the last 11 years, Labrador Grenfell Health for about the last 8 years, Central Health and for about the last 15 years, as well as those patients of Western Health or private clinics who had specialized bloodwork and specimens collected that were sent to Eastern Health for analysis for about the last 11 years.
Employees and former employees of Eastern Health for about the last 28 years, Labrador-Grenfell Health for about the last 8 years, and Central Health for about the last 28 years.
We encourage anyone who falls into those categories to take the steps described above to protect your information.
How will I know if my blood or specimens were sent to Eastern Health for processing?
Patients who believe or have concerns that they may have been impacted based on the timeframes and information provided, are able to sign up for the free credit monitoring service. You may call 1-833-718-3021 and request the free 2-year credit monitoring service. If you are a former or current patient and you have been notified that your SIN was breached you may enroll in the credit monitoring service for five years.
Are former employees affected by this breach?
We have identified that some personal information about current and former employees of Eastern Health from about the last 28 years, Labrador Grenfell Health for approximately the last 8 years, and Central Health from about the last 28 years has been taken from our systems.
There continues to be no evidence of information being taken relating to the Newfoundland and Labrador Centre for Health Information (NLCHI), or Western Health employees or former employees.
Current and former employees can enroll for the credit monitoring and identity theft protection services for five years by calling 1-833-718-3021.
What if I want to file a complaint?
The Office of the Information and Privacy Commissioner will conduct an investigation in relation to the incident. Please note that under the Access to Information and Protection of Privacy Act and the Personal Health Information Act you have a right to file a complaint with the commissioner’s office regarding a breach of privacy or if you are not satisfied with the measures taken regarding the breach. The Commissioner may be contacted as follows:
Office of the Information and Privacy Commissioner
2 Canada Drive
P.O. Box 13004, Station “A”
St. John’s NL, A1B 3V8
Telephone: 709-729-6309
Email: [email protected]
Is the issue resolved?
We are working closely with leading experts to continue to investigate the matter and we are taking steps to prevent it from happening again.
RESOURCES
Who can former and current employees and patients contact for further information?
A provincial IT Outage website has been set up for information for employees, physicians, partners, and the public.
A Provincial Call Centre has been set up for former and current patients and employees and can be reached at 1-833-718-3021.
Provincial Mental Health Crisis Line offers telephone support for people in crisis, available 24/7, and provided by trained mental health clinicians. Call 1-888-737-4668 if you or someone you know is in crisis.
CHANNAL Warm Line is a non-emergency, non-crisis telephone support and referral service provided by trained peer support workers who are there and ready to listen. Available 7 days a week, 9:00 a.m. to midnight. Call 1-855-753-2560 for support.
Bridge the gapp is Newfoundland and Labrador’s trusted source for mental health and substance use information and connection to local supports and services. Individuals accessing this site can also sign up for online programming, use tools, and share personal stories of recovery with others. For more details visit www.bridgethegapp.caOpens in new window.
Doorways Mental Health Walk-in Clinics provide rapid access to non-emergency mental health and addictions counselling services. Available in 60 locations throughout the province. Most locations offer same-day walk-in services with no appointment or referral required. Doorways is a counselling option, but also a doorway or access point for other ongoing counselling services.
MindWell-U 30-Day Mindfulness Challenge offers mindfulness training online, which includes guided activities and a 30-day online mindfulness challenge, available in English and French. The challenge only takes 5 to 10 minutes a day and is accessible by visiting www.bridgethegapp.caOpens in new window.
Therapy Assistance Online (TAO) is an online platform that provides education and skill building for individual’s mental wellness. TAO is available as a self-guided option or clinician-assisted option and covers a variety of topics such as alcohol and substance use, grief and loss, depression, stress, anxiety, and pain management.
The Federal Government offers a number of services nationally that can be accessed via the Wellness Together Canada Portal.
