DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Eastern Health Provides Update Regarding Breach of Privacy and Information

Posted on December 15, 2021 by Dissent

December 14, 2021 – St. John’s, NL: Eastern Health advises the public that the ongoing investigation into the cyber-attack that impacted health-care information technology (IT) systems across the province has determined that some additional personal information and personal health information was impacted. The updated information regarding the breach related to Eastern Health patients, as well as current and former employees, physicians and locums is as follows:

Social Insurance Numbers (SINs) of Some Patients

  • It has been determined that social insurance numbers for some patients were involved in this breach.
  • Approximately 1,970 Eastern Health patients had SINs breached and, because more than half of these patients are now deceased, approximately 900 Eastern Health patients will receive direct notification.
  • Beginning this week, direct notification letters will be sent to Eastern Health patients whose SIN was breached with an offer of five years of credit monitoring and identify theft protection at no cost to them.
  • Individuals who have questions are encouraged to contact Eastern Health’s Privacy Office via the contact information provided in the notification letter.

RHA Patients with Bloodwork and Specimens Analyzed at Eastern Health Provincial Lab

  • The personal health information of patients who had specialized bloodwork or specimens analyzed by Eastern Health in the last 11 years is involved in the breach. This includes specialized bloodwork and specimens collected at any regional health authority or private clinic that were analyzed by Eastern Health during this time frame. This also includes COVID-19 testing that was processed in the provincial lab at Eastern Health.
  • It is important to note that the information breached does not include test results. Rather, the breached information includes information in Eastern Health’s registration system, such as name, address, health care number (MCP), reason for visit, their doctor, phone number, birth date, email address for notifications, in-patient/out-patient status, maiden name and marital status.
  • Any patient who had their personal health information impacted in this breach can sign-up for two years of credit monitoring and identify theft protection services from Equifax.

Updates to the Date Ranges of the Breach

  • The date ranges for this breach have been updated for both employee and patient information.
  • Employee information involved personal information such as name, address, contact information and Social Insurance Number. There is no evidence that banking information of employees was involved. The date range for current and former employees, physicians and locums has been updated to approximately the last 28 years from 14 years.
  • Patient information involved information such as is the type of information that is typically logged and used when a person comes for an appointment, such as name, address, health care number (MCP), reason for visit, their doctor, phone number, birth date, email address for notifications, in-patient/out-patient status, maiden name and marital status. The date range of the breach for Eastern Health patients has been updated to approximately the last 11 years from 14 years.

The credit monitoring and identify theft protection service through Equifax is available for five years free of charge for any employee or patient who had their SIN breached. For patients who have had personal health information breached, this service is available for a two-year period. For more information or to access the services, please call the provincial toll-free information line at 1-833-718-3021, or visit Eastern Health’s website at  https://www.easternhealth.ca/it-systems-outage/credit-monitoring-identity-theft-protection-services/.

For additional information, please visit the Government of Newfoundland and Labrador’s website at https://www.gov.nl.ca/hcs/information-and-updates-on-cyber-incident/.

Everyone is encouraged to remain vigilant and take steps to protect their information. If you notice any unusual activity in any of your accounts or your account statements, please contact your service providers such as your bank, or report this activity to the RNC. Further information on how to protect your information is available here.

Eastern Health appreciates the public’s patience and understanding as this investigation continues.

Related posts:

  • HHS starts to reveal healthcare breaches reported to government
Category: Government SectorHealth DataNon-U.S.

Post navigation

← Schumer, In Manhasset, Promises Cybersecurity Aid to School Districts
Long Island Jewish school’s website hacked with Nazi images, slurs →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.