The number of patients and employees affected by last year’s hack of the Newfoundland and Labrador healthcare systems continues to grow.
In a call with reporters on Wednesday, David Diamond, chief executive officer of the province’s Eastern Health district, said over 200,000 files were copied from a network drive in what is widely believed to have been a ransomware attack. Officials are manually combing through the data to clarify how much of it included personally identifiable information.
The government has been cautious with putting a number on the possible victims, saying that social insurance numbers of 2,541 patients – of whom 1,200 are still alive – were copied by the hackers.
The government initially thought stolen data went back only as far as 2008. But its latest statements added more detail.
“Over 200,000 files were taken from a network drive at Eastern Health’s IT environment,” he said. “A portion of that may contain patient information and employee information. We’re currently doing a manual review to determine the exact number of files that contained personal health or personal information. A number of these files contained personal information, and from various time periods, some dating back to 1996.
“This information may include medical diagnosis, procedure type, MCP (medical care plan) number, and health care provider information for some health care services that are provided by laboratory medicine, in surgery, cancer care, and cardiology programs among others. It also may include human resources and administrative information.”
Because persons may have been entered into the system several times for multiple healthcare treatments the 200,000 files don’t necessarily represent 200,000 people.
In total, Diamond said, there could be “thousands” of individuals affected. It may take six to eight weeks to get a final total. Those affected are starting to be notified and will be given free credit monitoring services.
He also said the district realized on February 25th that over 200,000 files were copied.
Provincial health minister John Haggie continued refusing to answer questions on who was behind the attack, saying he’d been advised by experts not to comment for security reasons. Nor were there details about the cost so far of repairing the IT network or whether a ransom was paid. An estimate of network repair costs will be available in the upcoming provincial budget.
The “initial threat has been contained and our health services have been restored” across the province, he said. Diamond, who described the attack as a “massive incident,” said his district’s IT system is “pretty much” back to normal.
Diamond did say that in addition to network repairs “there’s been lots of rigor now around passwords and multifactor authentication and [security awareness] training opportunities for staff at all levels around cyber.”
“We understand now more than ever the importance of continued vigilance and the need to strengthen our systems to prevent future attacks,” Haggie also said.
An investigation into the attack continues, involving the provincial privacy commissioner, the RCMP, and other unnamed organizations.