Eastern Health has completed a review of a network drive that was compromised in the cyber attack that paralyzed the healthcare system for a time back in the fall of 2021.

Last March Eastern Health revealed that 200,000 files were taken from a network drive during the attack, and a review began to determine the number of files on the drive containing health and personal information.

That review is now complete and Eastern Health says about 20,000 files on the drive contained such information, affecting approximately 31,500 people. They say the majority of those affected are patients, while 280 are either current or former staff.

Eastern Health previously indicated that the drive contained various pieces of information dating back to 1996—including things such as medical diagnoses, procedure types, MCP numbers, the ordering healthcare provider for some services provided, and some human resources and administrative information.

It has since been determined that the social insurance numbers for fewer than 20 people and the banking info for fewer than five patients was compromised. There’s nothing to indicate that information has been misused at this time.

Eastern Health has begun notifying people of the breach. This will be done in a phased approach, with the first letters being sent out this week and continuing into January. Anyone with questions is asked to contact them by using the number provided on the letter.

As well, Eastern Health says the deadline to apply for Equifax Canada credit monitoring and identity theft protection has been extended to September 30, 2023.

Eastern Health has provided an update on this privacy breach to the Newfoundland and Labrador Office of the Information and Privacy Commissioner (OIPC). General questions can be directed to the provincial toll-free information line at 1-833-718-3021. For more information regarding the cyber incident, please visit the Government of Newfoundland and Labrador’s website at https://www.gov.nl.ca/hcs/information-and-updates-on-cyber-incident/.