PUBLIC NOTIFICATION OF PRIVACY BREACH OF PERSONAL HEALTH INFORMATION
Updated: December 14, 2011
Eastern Health is advising the public of a breach of personal health information that occurred in October 2021. While the incident is currently under investigation, we are advising that some personal health information about clients of Eastern Health was taken in the incident.
At this time, we can confirm that some personal health information of clients who received services from Eastern Health over approximately the last 11 years is involved. This includes information used at registration for services such as name, address, health care number (MCP), who you are visiting, and reason for visit, physician name, phone number, date of birth, and email address for notifications, inpatient/outpatient, maiden name and marital status. There is no indication that this information has been misused at this time.
In addition, it has been determined that social insurance numbers for some patients were involved in this breach. Approximately 1,970 Eastern Health patients had SINs breached and, because more than half of these patients are now deceased, approximately 900 Eastern Health patients will receive direct notification by mail. Beginning this week, letters will be sent to Eastern Health patients whose SIN was breached with an offer of five years of credit monitoring and identify theft protection at no cost to them. Individuals who have questions are encouraged to contact Eastern Health’s Privacy Office via the contact information provided in the notification letter.
Eastern Health takes confidentiality and privacy very seriously and sincerely regrets any concern or inconvenience that this incident may cause. We are taking steps to protect the confidentiality and privacy of our clients. For the general public, a provincial call center has been established and can be contacted through the following toll-free number, 1-833-718-3021. For more information please visit https://www.gov.nl.ca/hcs/information-and-updates-on-cyber-incident/ for steps you can take to protect your information.
Credit monitoring services will be made available for current and prior clients of Eastern Health as soon as reasonably possible. If you have received services from Eastern Health in the time period indicated, we recommend you avail yourself of this service to ensure the protection of your information. We will provide further information as soon as the details are available. Please visit the Eastern Health website in the coming weeks for more information on how you can access this service.
Mental health supports for clients are also available and include the Bridge the Gapp website which may be accessed through the following link www.bridgethegapp.ca. Other services are available through the CHANNAL Warm Line [1-855-753-2560] and the Provincial Mental Health Crisis Line [1-888-737-4668]. In-person services may also be accessed through Doorways Mental Health Clinics throughout the Eastern Region. Federal Government services may also be accessed through the Wellness Together Canada Portal that can be accessed through the following link https://wellnesstogether.ca/en-CA.
Eastern Health has taken immediate action to prevent further incidents and these efforts will continue. Eastern Health notification protocols through the Newfoundland and Labrador Office of the Information and Privacy Commissioner (OIPC) have been completed. The RCMP and other external resources are currently involved, provincially, to fully investigate the incident. We appreciate your patience and understanding as the investigation continues.
If you are not satisfied with Eastern Health’s response to this privacy incident, you have the right to contact the OIPC. This Office has oversight of two Acts, one of which is the Personal Health Information Act (PHIA); this oversight includes receiving complaints and investigating breaches of personal health information. OIPC NL wishes to advise, however, that the Commissioner has already decided to launch a privacy investigation. Unless you believe there are very specific circumstances particular to your own case that would warrant an individual complaint, it won’t be necessary for individuals to file a complaint. If you have any questions or aren’t sure if you should file an individual complaint, feel free to contact the OIPC to discuss further. The Office may be contacted through the following address:
Office of the Information and Privacy Commissioner
2 Canada Drive
P.O. Box 13004, Station “A”
St. John’s NL, A1B 3V8
Once again, we deeply regret that this has happened and provide assurance of our continued commitment to quality service and protection of your privacy.
If you have any further questions or concerns, please feel free to contact the Eastern Health privacy representative at email@example.com.