In the Eastern Health and Labrador-Grenfell Health regions of the Newfoundland and Labrador healthcare system, hackers stole personal information pertaining to both patients and employees.
A patient information database and other essential communication channels, including email, were accessible through the province's Meditech data repository.
The compromised information includes names, birthdays, addresses, email addresses, phone numbers, medical care plan (MCP) numbers, the name of the person's family doctor, marital status, and in and out-patient times.
There was no indication that banking information was included in the breach.
Source: https://www.cbc.ca/news/canada/newfoundland-labrador/nl-cyberattack-nov-9-1.6242504
TPRM report: https://scoringcyber.rankiteo.com/company/government-of-newfoundland-and-labrador
"id": "gov047111122",
"linkid": "government-of-newfoundland-and-labrador",
"type": "Cyber Attack",
"date": "11/2021",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Newfoundland and Labrador',
'name': 'Newfoundland and Labrador Healthcare System',
'type': 'Healthcare'}],
'attack_vector': 'Unauthorized access to Meditech data repository',
'data_breach': {'personally_identifiable_information': ['Names',
'Birthdays',
'Addresses',
'Email addresses',
'Phone numbers',
'Medical care plan '
'(MCP) numbers',
'Family doctor names',
'Marital status',
'In and out-patient '
'times'],
'sensitivity_of_data': 'Medium to High',
'type_of_data_compromised': ['Personal information',
'Health information']},
'description': 'Hackers stole personal information pertaining to both '
'patients and employees in the Eastern Health and '
'Labrador-Grenfell Health regions of the Newfoundland and '
'Labrador healthcare system.',
'impact': {'data_compromised': ['Names',
'Birthdays',
'Addresses',
'Email addresses',
'Phone numbers',
'Medical care plan (MCP) numbers',
'Family doctor names',
'Marital status',
'In and out-patient times'],
'payment_information_risk': 'No indication of banking information '
'compromise',
'systems_affected': ['Patient information database',
'Essential communication channels',
'Email']},
'initial_access_broker': {'entry_point': 'Meditech data repository'},
'motivation': 'Data theft',
'threat_actor': 'Hackers',
'title': 'Data Breach in Newfoundland and Labrador Healthcare System',
'type': 'Data Breach'}