November 26, 2021 – St. John’s, NL: Eastern Health advises the public that it has entered into a contract with Equifax Canada to provide credit monitoring services to individuals whose personal health information and personal information was breached in October 2021 during the cyber-attack that impacted health-care information technology (IT) systems across the province.
While the incident is currently under investigation, Eastern Health can confirm that some personal health information of clients was taken in the incident. This involves some personal health information of those who received services from Eastern Health at any time over approximately the last 14 years, and includes information used at registration for services such as: name, address, medical care plan (MCP), who a client is visiting, and reason for visit, physician name, and phone number, date of birth, and email address for notifications, inpatient/outpatient, maiden name and marital status.
Similarly, some personal information of current and former employees, physicians and locums was taken during the same cyber incident. This includes information such as: name, address, contact information, and social insurance number of employees of Eastern Health over approximately the last 14 years.
At this time, there is no indication that the information taken has been misused or disclosed and no evidence that banking information was involved.
Credit Monitoring and Identity Theft Protection Enrollment Information
Affected individuals are being offered access to credit monitoring and identity theft protection services through Equifax Canada, at no cost to them. This service, available to persons over the age of eighteen (18) who have a Canadian credit file, allows individuals to monitor their credit and identity information, as well as detect and respond to fraudulent credit activity. For those living outside of Canada, coverage will depend on the availability of the service in their region.
Clients call the provincial toll-free information line at 1-833-718-3021 to obtain their unique Equifax Activation Code and enrollment instructions. Individuals should be prepared to answer three qualifying questions.
Former employees, physicians and locums should receive a letter, being sent to their last home address, with enrollment instructions for credit monitoring and identity theft protection services by November 30, 2021. If a letter is not received by this date, former employees, physicians and locums are asked to call the provincial toll-free information line at 1-833-718-3021. Current and former employees, who have also been clients, do not need to sign up with Equifax twice, and should enroll for the Equifax service as current or former employees.
Detailed information on this service package, including how to enroll and frequently asked questions, is available on the Eastern Health’s IT Systems Outage webpage at https://www.easternhealth.ca/it-systems-outage/credit-monitoring-identity-theft-protection-services. A process is being identified for affected individuals who require extra support for accessing the Equifax credit monitoring service. Details will be shared once finalized.
Eastern Health encourages affected individuals to remain vigilant regarding their financial information. Those who notice any unusual activity in any of their accounts or their account statements, should contact their financial providers as soon as possible.
Questions about this privacy breach and associated credit monitoring and theft identity protection services can be directed to the provincial toll-free information line at 1-833-718-3021. For more information, please visit the Government of Newfoundland and Labrador’s website at https://www.gov.nl.ca/hcs/information-and-updates-on-cyber-incident/.
Eastern Health takes confidentiality and privacy very seriously and it deeply regrets this incident and any concern or inconvenience that it may cause. Eastern Health provides assurance of its continued commitment to the protection of the privacy of current and former employees, clients, and other members of its community. Please read the following public notification of privacy breach of personal health information and notification or privacy breach of current and former employee’s personal information.
Eastern Health remains focused on the delivery of safe patient care, while it continues to collaborate with the Newfoundland and Labrador Centre for Health Information (NLCHI), along with the Department of Health and Community Services and other regional health authorities, to restore provincial health-care IT systems and investigate the nature and impact of this incident. Immediate actions to prevent further incidents have been taken, and these efforts will persist.
Eastern Health notification protocols through the Newfoundland and Labrador Office of the Information and Privacy Commissioner (OIPC) have been completed. The RCMP and other external resources are currently involved, provincially, to fully investigate the incident. Eastern Health’s appreciate the public’s patience and understanding as this investigation continues.
– 30 –