Privacy & Security
First Nations health data stolen, put on dark web
October 9, 2024
VANCOUVER – The First Nations Health Authority (FNHA) has concluded its investigation of a cybersecurity incident that occurred on May 13, 2024, and is notifying First Nations people in BC if and how they have been impacted. In addition to notifying First Nations people of the impact to their personal information, the FNHA will be offering appropriate supports, including live support through a Cyber Incident Support Centre.
“Upon discovery of unauthorized access to the FNHA network, our teams immediately deployed technological countermeasures to secure our files, systems and network from further attack,” said Richard Jock (pictured), CEO of the FNHA. “We then retained third-party cybersecurity experts to assist in containing, investigating and recovering from this incident.”
Through the investigation, the FNHA and its third-party experts identified a number of impacted files containing personal information. These files were reviewed using both technological and manual processes, which required time and attention to detail, to identify all of the people affected and the nature of the impacted personal information.
On its website, the organization said the FNHA did not have any contact with the attackers and it did not pay a ransom to anyone.
Nonetheless, the attackers did publish some or all of the files they stole on the dark web, which is an area of the internet that cannot be accessed by the general public using traditional web browsers. Unfortunately, FNHA has no ability to remove this information from the dark web once it has been published.
The investigation confirmed the following groups of people have or may have had their personal information impacted:
- Current (hired before May 13, 2024) and certain former employees of the FNHA (those who received a T4 tax form for the years 2021-2023);
- First Nations peoples who live or have recently lived in British Columbia (BC) and who have a Certificate of Indian Status card;
- First Nations peoples and their immediate non-First Nations family members who lived on reserve or in First Nations communities in BC on or before March 29, 2016 and who had one or more Tuberculosis screening tests prior to that date;
- Individuals who have filed compliments or complaints, or who have had a compliment or complaint filed on their behalf, with the FNHA’s Quality Care and Safety Office, or with another provincial health authority’s Patient Care Quality Office where that compliment or complaint was shared by or with the FNHA’s Quality Care and Safety Office between January 1, 2020 – May 13, 2024.
Although the impact of the cybersecurity incident is not the same for everyone, the attackers were able to access the following types of information:
- First and last names;
- In some, but not all cases, personal contact information such as home address; home or mobile phone number; email address;
- Demographic information such as date of birth and gender;
- Certificate of Indian Status Card number;
- Personal Health Number;
- Health insurance plan eligibility information (e.g. MSP, Pacific Blue Cross);
- Pacific Blue Cross health insurance claims information, including nature of claims and claims costs;
- Tuberculosis screening test results for those living on reserve or in First Nations communities in BC and who were tested on or before March 29, 2016; and
- Information about compliments or complaints filed with or managed by the FHNA.
The FNHA has arranged to provide a credit monitoring and identity theft restoration service for a period of 24 months at no cost to anyone whose status number has been impacted by the cybersecurity incident. Additionally, a dedicated FNHA Cyber Incident Support Centre is available to people who may have questions not answered in the FNHA’s frequently asked questions page.
The FNHA was able to detect and interrupt this cybersecurity incident while it was in progress in order to limit the ultimate impact. Despite having robust security measures in place, the FNHA knows that cyber threats continue to evolve and that information security is an ongoing commitment.
“As cybersecurity threats become more persistent and increasingly sophisticated, information security continues to be a top priority for the FNHA,” said Jock. “We take a continuous improvement approach to ensure that our security measures keep pace with both known threats and new threats as they emerge. The FNHA commits to communicate such occurrences to the people we serve and to our system partners.”