Officials confirm patient data stolen in N.L. cyberattack
CBC
Officials have confirmed that personal information of medical patients in Newfoundland and Labrador has been stolen in the cyberattack that has wreaked havoc on the provincial health-care system for over two weeks.
While speaking with reporters on Monday, Justice Minister John Hogan said it was his understanding that both patient and employee data have been taken in the attack.
The news follows Friday's update, where he said that employee data had been taken, but said the investigation had not yet determined if patient data had also been stolen. A spokesperson clarified that the situation changed following the Friday update, and the investigation was able to confirm that patient data had been stolen.
The stolen patient information includes names, addresses, Medical Care Plan (MCP) numbers, who the patient was visiting, the reason for the visit, name of doctor, phone numbers, birthdays, email addresses, in- and out-patient status, maiden name and marital status.
Hogan said the regional health authorities are responsible for the data, but that government has a responsibility to keep the public up to date on the evolving situation.
"We have a responsibility as well, as the government, to advise the public about any safety concerns," Hogan said.
Hogan said the government can not yet inform individuals if their data has been taken because it is part of the ongoing investigation.
Officials first said that patient and employee data had been stolen on Tuesday, before backtracking on Wednesday, saying the data had been "accessed," but the investigation could not confirm if data had been taken.
Hogan said there is no current evidence that the stolen data has been misused, but didn't rule out the possibility either.
Health Minister John Haggie said there is a "significant possibility" that data has been stolen from three regional health authorities: Eastern Health, Central Health and Labrador-Grenfell Health. Officials said last week that Western Health data has not been accessed.
Employee data from within the three affected health authorities may have also been taken during the breach, officials said last week.
That data includes names, addresses, contact information and social insurance numbers. Last week, Haggie said there is no evidence that banking information was stolen.
While Eastern Health confirmed on Friday that patient data had been stolen, Central Health and Labrador-Grenfell Health have not yet said the same. CBC News has asked for comment.
Although officials have now confirmed that both employee and patient data have been stolen, they would not reveal other details about the investigation, or even say if the stolen data was encrypted.
Former University of Waterloo student pleads guilty to 4 charges in connection to classroom stabbing
A 24-year-old former University of Waterloo student has pleaded guilty to four charges in connection to an on-campus classroom stabbing last June.