More health info stolen in N.L. cyberattack than government originally reported

The investigation into the cyberattack on Newfoundland and Labrador's health-care system in Octoberhas revealed more data was stolen than originally thought, says the provincial government.

According to Eastern Health CEO David Diamond, the provincial government learnedFeb. 25thatthieves had taken more information than they had previously reported.

But that didn't become public until amedia briefing Wednesday morning,when Diamond said more than 200,000 files were taken from an Eastern Health network drive thatmight contain patient and employee information dating as far back as 1996.Initial reports indicated the breach on Eastern Health employee data reached back as far as 2008.

"We're currently doing the work, undertaking a manual review to determine the exact number of files that contained personal health or personal information," he said.

Health Minister John Haggie said work is underway to notify people whose information was stolen, and to provide them withcredit monitoring and identity theft protection services at no cost.

"We obviously regret that this incident occurred," Haggie said. "At this stage of the investigation we have a good understanding of the information involved in this incident."

WATCH: N.L. health minister refuses to provide cyberattack details

3 years ago

Duration 3:46

A compilation of John Haggie refusing to answer certain questions about the cyberattack against the province's health-care system including who the attackers were, and whether the government paid a ransom at a Wednesday news conference.

Still won't answer questions

But the government is still refusing to answer some questions about the attack including who the attackers are, whether there was a ransom demand, whether a ransom was paid, and how the attackers were able to access the system.

When asked again Wednesday if the provincial government paid a ransom to regain access to its IT systems, Haggie said, "I won't be answering that question."

Sources have told CBC News the attack wasransomware: an attack in which hackers break into a network, trigger software to encrypt data on the network and demand payment in order to decrypt the data, holding the network and its owner hostage.

Haggiestill would not provide details on who is responsible for the attack, citing security elements and portions of the investigation still underway by other organizations. He also wouldn't say how much the cyberattack and the investigation have cost the province so far.

"We have been advised by our security advisors, local, national and international, that giving away details of the incident beyond a certain point would be unwise and possibly jeopardize our abilities in the future to deliver services," Haggie said.

Watch the full March 30 briefing:

Wednesday markedthe province's first update on the cyberattacksince December, when Diamond told reporters the system had to be rebuilt from scratch after some services were forced to shut down for weeks.

The attack, whichwas discovered by officials on Oct. 30 and made public two weeks later,caused thousands of appointments, procedures and the province's COVID-19 testing program to be delayed. Haggie told reporters at the time the"brain of the data centre" that powersthe province's health-care system had been damaged.

Diamond said Wednesday the stolen information may include medical diagnoses, procedure type andMCP numbers as well ashuman resources and administrative information.

"In terms of personal financial information and health information, we're not aware that any of that has been misused at this point," Diamond said.

"There's a lot of monitoring happening with the cyber experts that we have, folks who are searching the dark web and trying to ensure that if something were to be misused that we would know about that. We're not seeing that."

He said the deadline to enrol with Equifax's credit monitoring service has been extended to the end of the year and a web portal is being developed to make the registration process easier. The portal is expected to be rolled out within the next two weeks, he said, adding Eastern Health is continuing to implement further IT security measures.

Identifying victims

As moreinformation is confirmed, letters will be sent by mail to affected individuals advising them of the details of the breach, saidDiamond. Anyone who hasquestions can contact Eastern Health's Privacy Office, he said.

Diamond said the number of people affected could be in the thousands, but the number will become clearer as the investigation continues.

PC Opposition leader David Brazil said Wednesday afternoon his party is disappointed the government isn't being more open and transparent about the attack.

"We need to be reassured, and the people of this province need to be reassured that there's a mechanism in play that this doesn't happen again," he said.

Read more from CBC Newfoundland and Labrador