37,800 people sent privacy breach notifications linked to a cyberattack in the Netherlands

Newfoundland and Labrador’s largest health authority notified 37,800 people that their privacy had been breached in the devastating cyberattack last fall.

This number equates to approximately one in 13 people in the province.

And according to Eastern Health, it could go even higher.

Those affected include patients, as well as current and former employees.

The Department of Health directed interview requests to Eastern Health, which did not make anyone available for an interview.

In October, cybercriminals rocked Newfoundland and Labrador’s healthcare system.

Information was stolen, lab results were inaccessible, and procedures and treatments were delayed.

Government officials have been tight-lipped about what happened, declining to say whether it was a ransomware attack or who was responsible.

The initial bad news spawned by the attack worsened in March, with the revelation that the extent of the breach was worse than initially thought.

Over 200,000 files had been extracted from an Eastern Health network drive.

Health authority CEO David Diamond said at the time that a review had been launched to determine how many people had been affected.

“We expect the number to be significant, it could be thousands of people ultimately between staff and patients,” Diamond said March 30.

“But that will become clear as we do the work over the next six to eight weeks.”

Those weeks have now passed, and what was once “thousands of individuals” is, at this point, 37,800.

A statement emailed from Eastern Health suggested it could climb even higher.

“All customers who have accessed any Eastern Health service at any time have been impacted by the resulting breach of their personal health information,” the health authority noted.

“Our investigation into the records associated with the Eastern Health shared drive breach is continuing. This review should give us a better idea of ​​the number of people involved.”

Officials did not respond to a follow-up message from CBC News seeking clarification on the statement that “all customers who took advantage of an Eastern Health Service at any time were affected.”

Lee Kim is senior director of cybersecurity and privacy at the Healthcare Information and Management Systems Society, a global nonprofit organization dedicated to advancing healthcare through information and technology. (Radio Canada)

Lee Kim, senior director of cybersecurity and privacy for the US-based nonprofit Healthcare Information and Management Systems Society, said the breach underscores the importance of strong defenses for IT operations.

“The harder you make it for attackers to compromise your systems, the less it is for those cyberattackers to want to violate us,” Kim said from Pittsburgh this week.

Anyone caught in the attack should keep tabs on their medical and financial records, Kim added.

“You just need to be a little more diligent,” Kim said.

To help with this, the province offers free credit monitoring and identity theft protection services.

So far, more than 21,000 people have applied to register, according to Eastern Health.

Learn more about Radio-Canada Newfoundland and Labrador