Please see the communique below from Eastern Health regarding the privacy breach involving employee’s information.
NAPE was informed of this breach this morning. We are continuing to monitor this situation and trying to get as much information from Eastern Health as possible. We will update as information becomes available.
To: All Staff
From: David Diamond, President and CEO
Date: June 26, 2015
Subject: Eastern Health Identifies Privacy Breach of Employees
Eastern Health began the process today of advising affected employees of a privacy breach. The breach occurred when a USB flash drive was noticed missing from the Human Resources Client Services Office on Kenmount Road in St. John’s. The USB flash drive contained a spreadsheet, including the names, employee numbers and social insurance numbers (SIN) of about 3,300 employees.
The USB flash drive was last used on June 17, 2015, two days before it was reported missing on June 19, 2015. An internal investigation was immediately launched, but despite all concerted efforts made to recover it, we regret that the missing flash drive has not been found. The Office of the Information and Privacy Commissioner has been notified and has begun a formal investigation. We have also reported the situation to the RNC though we have not received any indication that the information has been used for fraudulent purposes.
We have identified about 3,300 employees whose SINs were on the flash drive. This morning, we began the process of calling these employees to advise them. These employees primarily work in city facilities, have a last name beginning with the letters P through Z, and were working with Eastern Health between May 2014 and June 2015.
The names and employee numbers only of approximately 5,700 other employees were also on the missing drive. All employees – about 9,000 – will receive a letter from Eastern Health starting the week of June 29, 2015.
I want to assure our employees that we take all breaches of privacy very seriously and have taken measures to address concerns and protect personal information. A toll-free information line is set up for employees who may have concerns about possible impacts. Employees with questions are encouraged to call (709) 752-5252 or 1-877-720-2323.
If you are one of the 3,300 employees who we call to advise that your personal information was breached and you are concerned about identity theft, we encourage you to request a copy of your credit report if you suspect any suspicious activity. Credit reports are available free of charge from the two national credit bureaus, Equifax (1-800-465-7166) and TransUnion (1-800-663-9980). If suspicious activity is suspected, you are encouraged to request that the credit bureau flag your file so that the bureau will monitor unusual credit activity in your name. We will also include with your letter some additional key steps to follow if you suspect that someone is using your personal information fraudulently.
For those employees whose employee numbers only are on the flash drive, there is low risk of a negative consequence. Employee numbers can be currently found on identification badges and in public areas throughout many of our facilities.
We also plan to upgrade our anti-virus platform so that USB drives will be automatically encrypted before use. This measure would force non-encrypted sticks to go through an encryption process before they could be used on Eastern Health computers.
On behalf of the Board of Trustees and the Executive team, I’d like to apologize to those employees whose privacy has been breached and to all employees who entrust us with their personal information. Going forward, we will explore ways to further strengthen our privacy practices surrounding safe security measures and storage of portable storage devices. We will also cooperate fully with the investigation of the Office of the Information and Privacy Commissioner.
I would also like to remind each of you of your duty and of the importance of securing personal information at all times. If you have any questions or concerns for the Privacy Office, I encourage you to contact the Privacy hotline at (709) 752-8929 or 1-800-563-6611.