IT Systems Outage Update

On October 2021, a cyber incident impacted critical IT systems supporting health-care providers across Newfoundland and Labrador. The investigation into the cyberattack determined that some of Western Health’s patients’ personal health information that was collected at Western Health for bloodwork and specimens and then sent to Eastern Health provincial lab for testing was involved in the breach. This includes information related to bloodwork and specimens collected by Western Health, or private clinics in the region, which were transferred to Eastern Health for processing. Because this bloodwork and specimens are registered in Eastern Health for processing, some patient information from the Western Health region was involved. The information dates back over approximately the past 11 years. The information which was breached does not include test results.

All COVID-19 tests completed by Western Health are processed at Eastern Health. The registration information collected for these tests are also impacted, however, the information which was taken does not include test results.

Some of the patient information involved is the type of information that is typically logged for a patient visit, such as name, address, health care number (MCP), reason for visit, their doctor, phone number, and birth date, email address for notifications, in patient/out-patient, maiden name, and marital status.

Through an investigation into this cyberattack, it was determined that the incident was a ransomware attack involving Hive ransomware, and that some personal information and personal health information belonging to clients and employees was taken from certain systems. For more information regarding the cyberattack and preventative measures being taken, please see the Government of Newfoundland and Labrador’s report Overview: Cyberattack on the Newfoundland and Labrador Health Care System.

There is currently no evidence that patients who received services Western Health have had their social insurance numbers breached. In addition, there is still no evidence that employee or patient information from Western Health information systems was breached.

This situation may cause stress and challenges for residents in the region. If you are concerned about yourself or someone else, visit Doorways for quick access to mental health and addictions counselling services. You may also visit Bridgethegapp.ca to find other local supports and link to online resources. The Mental Health 24 Hour Crisis Line is also available by calling 1-888-737-4668. Please reach out for support if you need it.

NL Health Services is working with Equifax to directly notify applicable individuals that coverage for credit monitoring and identity theft protection services has been extended from two (2) years to five (5) years. This adjustment from 2-year to 5-year coverage ensures that all those individuals impacted by the privacy breach in October 2021, who chose to register for Equifax services prior to the deadline of September 30, 2023, receive the same length of coverage regardless of the type of information they had taken during the cyber-attack.