At least 37,800 people affected by cyberattack last year on N.L. healthcare system

ST. JOHN’S, N.L. – About 37,800 people in Newfoundland and Labrador have been sent privacy breach notices stemming from a cyberattack last year on the province’s healthcare system, a spokesperson with the Eastern Health authority said Thursday.

The letters were sent to clients as well as to current and former employees to notify them that their personal information – possibly including social insurance numbers – had been accessed, Gina MacArthur said in an email. Officials are still determining exactly how many people have been affected, she added.

“All clients who availed of an Eastern Health service at any time were impacted by the resulting breach of their personal health information,” MacArthur wrote.

Eastern Health is the province’s largest health authority and includes the provincial capital of St. John’s.

The statement Thursday is the latest glimpse into the scale of the cyberattack that knocked down much of the province’s healthcare IT networks beginning Oct. 30. Officials have remained tight-lipped about what transpired, refusing to say what type of attack occurred or whether a ransom was demanded.

Experts have said the incident has all the hallmarks of a ransomware attack, in which hackers steal or encrypt sensitive information and demand a payment to release it.

In March, Eastern Health’s former president and chief executive officer David Diamond revealed that more than 200,000 files on a shared network drive had been stolen, and he estimated “thousands” could have been affected by the breach.

MacArthur said the investigation into that breach is ongoing. “This review should give us a better idea of how many people are affected,” she added.

The health authority is offering two years of free credit monitoring to anyone who has accessed its services. So far, more than 21,000 people have requested a code through an online portal to sign up for that service, she said.

Feature image by iStock.com/Jaiz Anuar