June 10, 2019 12:30 pm
Updated: June 10, 2019 2:19 pm

NSHA suffers privacy breach, nearly 3,000 patients possibly affected

The Nova Scotia Health Authority is informing nearly 3,000 patients of a security breach.

AP Photo/Kin Cheung, File
A A

The Nova Scotia Health Authority (NSHA) is in the process of notifying nearly 3,000 people about a potential privacy breach involving personal health information, the organization announced on Monday.

The health authority says the breach was detected by its IT team on May 13, 2019, after an employee’s email account was compromised due to a phishing attack on May 8, 2019.

Story continues below

A phishing attack is an email or message that appears to be legitimate but can allow someone to gain access to the individual’s email account.

READ MORE: Nova Scotia’s ‘failure’ to carry out due diligence on FOIPOP website led to data breach

Karen Hornberger, director of privacy at the NSHA, said that in this case, the employee used her username and password on a false link sent to her email, allowing access to the employee’s email inbox.

Hornberger said the breach of information was related to “surgical procedures scheduled or going to be scheduled” at the Colchester East Hants Health Centre in Truro, N.S.

The NSHA says 2,841 people and their next of kin are being notified.

Hornberger stressed that this is just a potential breach.

“We have no way of confirming what would have been viewed by the people perpetrating the attack. But there was a… possible exposure of information, and when that happens, we have a duty to inform the public,” she said.

“We do want to apologize that this happened.”

Nova Scotia’s Office of the Information and Privacy Commissioner confirmed to Global News that it had been notified of the breach.

The office says it will be following up with the NSHA about the incident but has not launched a formal investigation.

WATCH: Government not stressing cybersecurity importance with MLAs

The NSHA says it will work with the privacy commissioner to implement recommendations that may be offered in light of the breach.

The health authority has promised to push for education in response to the breach.

“We’re going to continue to educate our employees and other folks who have an NSHA email account regarding these sort of attacks and how to spot them and avoid them,” said Hornberger.

“Essentially, to not take the bait.”

© 2019 Global News, a division of Corus Entertainment Inc.

Report an error

Comments

Want to discuss? Please read our Commenting Policy first.