Through the course of the ongoing investigation and review, it has been determined that some personal health information of our clients, and personal information of our current and former employees, physicians and locums was taken during the October 2021 cyber-attack that impacted health-care information technology (IT) systems across the province.
At this time, there is no indication the information taken has been misused or disclosed and no evidence that banking information was involved.
For current and former clients:
While the incident is currently under investigation, we can confirm that some personal health information of our clients was taken in the incident. This involves some personal health information of those who received services from Eastern Health at any time over approximately the last 11 years, and includes information used at registration for services such as: name, address, medical care plan (MCP), who a client is visiting, and reason for visit, physician name, phone number, date of birth, and email address for notifications, inpatient/outpatient, maiden name and marital status.
In addition, it has been determined that social insurance numbers for some patients were involved in this breach. Approximately 1,970 Eastern Health patients had SINs breached and, because more than half of these patients are now deceased, approximately 900 Eastern Health patients will receive direct notification by mail. Beginning this week, letters will be sent to Eastern Health patients whose SIN was breached with an offer of five years of credit monitoring and identify theft protection at no cost to them. Please read the following public notification of privacy breach of personal health information.
For current and former employees, physicians and locums:
Some of the personal information of current and former employees, physicians and locums was taken during the same cyber incident. This includes information such as: name, address, contact information, and social insurance number of employees of Eastern Health over approximately the last 28 years. Please read the following privacy breach of current and former employee’s personal information.
Credit monitoring and identity theft protection service
Health and safety remain our top priority. We deeply regret that this incident occurred, and we have taken immediate action to reduce the risk of further incidents and these efforts will persist. We would like to provide assurance of our continued commitment to the protection of the privacy of our current and former employees and clients.
Affected clients, as well as current and former employees, physicians and locums, are being offered access to credit monitoring and identity theft protection services through Equifax Canada, at no cost to them. Please follow the most appropriate link below to learn more about the service that is available to you.
A process is being identified for affected individuals who require extra support to access the Equifax service. Details will be shared once finalized.
As always, individuals are encouraged to remain vigilant regarding their financial information. If you notice any unusual activity in any of your accounts or your account statements, please contact your service providers as soon as possible.