Newfoundland and Labrador Justice Minister John Hogan has confirmed that regional health authority employee information was stolen in the cyberattack that has disrupted the province's health-care system for nearly two weeks.
Earlier this week, officials announced that patient and employee information had been accessed in Eastern Health, Central Health and Labrador-Grenfell Health, but not in Western Health.
Now, Hogan said officials have confirmed that employee data in Eastern Health, Central Health and Labrador-Grenfell Health has not only been accessed, but also stolen.
"As the investigation has continued throughout Thursday and even into today, we received confirmation from our cyber experts and their investigative team certain data has been taken from the regional health authorities," Hogan said in an interview with CBC News on Friday.
He said the investigation has not yet confirmed whether patient information was also stolen, but it is possible.
Hogan said the government waited until Friday to say information had been stolen because it could not be confirmed earlier.
"We don't ever at any stage of this investigation and our public disclosure want to speculate. Speculation can lead to unintended consequences in this very, very serious situation with regards to the bad actor in this cyberattack," said Hogan.
Officials believe Eastern Health employee data going back 14 years, Central Health employee data going back 13 years and Labrador-Grenfell Health employee data going back nine years were taken during the breach.
The stolen information includes names, addresses, contact information and social insurance numbers. On Wednesday, Health Minister John Haggie said there is no evidence that banking information was stolen.
The province will be providing free credit monitoring services to affected individuals.
On Friday, Hogan said although the government has been able to confirm that data was indeed stolen, it doesn't yet have any evidence indicating that it has been misused. He said the investigative team is monitoring for potential misuse of the stolen data.
The news comes after officials backtracked on their initial statement that the data had been stolen, saying instead on Wednesday that patient and employee information had merely been "accessed."
"Access is different than exfiltration," said Hogan during a media briefing Wednesday.
Additionally, during a technical briefing on Tuesday, an official said the accessed data was unencrypted. On Wednesday, Haggie appeared to walk that statement back, saying he could not confirm whether the data had been encrypted.
The provincial government has so far been cagey on the details about the cyberattack, including who is behind it and their intentions. Sources have told CBC the security breach is a ransomware attack, but so far government officials have not confirmed the nature of the cyberattack and will not say if they have received a ransom demand.
Many services set to resume on Monday
As the investigation into the cyberattack continues, all four health authorities have announced they will be resuming blood collection and medical imaging services after receiving confirmation from the Newfoundland and Labrador Centre for Health Information that the required IT systems are now functional.
In a media release Friday evening, Eastern Health said starting Monday, patients should go to their scheduled appointments. Those who have missed their appointments should call their local blood work clinic to reschedule, and should bring their requisition form if they received it after Oct. 29.
Medical imaging appointments in the Eastern Health region will begin with the most urgent appointments missed in the past two weeks, said the health authority. Patients will be contacted directly if their appointment is going ahead.
In a media release Friday, Central Health said medical imaging services will resume, although some appointments may be rescheduled in order to fit in urgent appointments cancelled since the cyberattack began. Central Health said patients with an appointment on Monday should attend unless they're contacted to reschedule.
Central Health acting vice-president Craig Davis said most of the IT system applications that were down due to the cyberattack are now up and running again.
"We are able to resume services back to a level that would be close to the pre-IT system outage level," said Davis.
According to the regional health authority, laboratory services — including blood work — will resume Monday, and patients with cancelled appointments will be contacted to reschedule.
Surgeries, endoscopies and outpatient services at the James Paton Memorial Hospital and the Central Newfoundland Regional Health Centre will also resume Monday, but patients will be contacted regarding their appointments, said Central Health.
Other services, like chemotherapy, had already resumed, and will continue on Monday. The health authority said patients may still experience delays due to the cyberattack.
Western Health has also resumed many services, including medical imaging and blood collection.
Elective surgeries, colonoscopies, endoscopies, interventional pain, outpatient EKG and pulmonary function tests will not go ahead. The health authority said it will contact individuals whose appointments are proceeding.
Western Health said it will contact patients to reschedule appointments and procedures once all services have been restored.
On Friday evening, Labrador-Grenfell Health said all services would be resuming on Monday, and it would contact patients who have had appointments and procedures cancelled due to the cyberattack.