The First Nations Health Authority has concluded its investigation into a cyber security incident that occurred in May, which compromised the personal information of First Nations people. On October 7 the FNHA announced that the process has begun of notifying First Nations people whose information has been impacted.
“On May 13, 2024, we detected unusual activity occurring on our information technology systems,” states FNHA on its website. “On initial investigation, our IT Team discovered that an unauthorized third party had gained access to our network and was in the process of accessing and copying files stored in a certain portion of our network for the purpose of stealing those files.”
News of the breach was released on May 22, when FNHA reported that an “unauthorized entity” had gained access to it’s corporate network and that immediate actions were taken to block the threat. At that time FNHA discovered evidence that “certain employee information and limited personal information of others has been impacted.” The system housed corporate, employee and client information.
“Upon discovery of unauthorized access to the FNHA network, our teams immediately deployed technological countermeasures to secure our files, systems and network from further attack,” said Richard Jock, CEO of the FNHA. “We then retained third-party cybersecurity experts to assist in containing, investigating and recovering from this incident.”
According to their investigation, FNHA has confirmed the following groups of people may have had their personal information impacted:
- Current (hired before May 13, 2024) and certain former employees of the FNHA (those who received a T4 tax form for the years 2021-2023);
- First Nations peoples who live or have recently lived in British Columbia and who have a Certificate of Indian Status card;
- First Nations peoples and their immediate non-First Nations family members who lived on reserve or in First Nations communities in B.C. on or before March 29, 2016, and who had one or more Tuberculosis screening tests prior to that date;
- Individuals who have filed compliments or complaints, or who have had a compliment or complaint filed on their behalf, with the FNHA’s Quality Care and Safety Office, or with another provincial health authority’s Patient Care Quality Office where that compliment or complaint was shared by or with the FNHA’s Quality Care and Safety Office between January 1, 2020 – May 13, 2024.
FNHA said while the majority of the compromised files contained no personal or confidential information, some files did.
“As a result of our review, we have now determined both who was impacted and what type of personal information was impacted by the unauthorized access to these files” stated the FNHA.
For some of those impacted, FNHA says the attackers were able to access the following types of information:
- First and last names;
- In some cases, personal contact information such as home address; home or mobile phone number; email address;
- Demographic information such as date of birth and gender;
- Certificate of Indian Status Card number;
- Personal Health Number;
- Health insurance plan eligibility information (e.g. MSP, Pacific Blue Cross);
- Pacific Blue Cross health insurance claims information, including nature of claims and claims costs;
- Tuberculosis screening test results for those living on reserve or in First Nations communities in B.C. and who were tested on or before March 29, 2016; and
- Information about compliments or complaints filed with or managed by the FHNA.
How do you know if your information has been compromised? FNHA invites those with Indian Status Cards to visit www.fnha.ca/cyberincident and click on the icon that reads “Am I eligible for credit monitoring?". Further instructions can be found at the end of this article.
If, after following these instructions, you receive an Activation Code and a link to the Equifax Complete™ Premier enrolment website, this means that your Status Number was impacted.
For those impacted, FNHA has arranged to provide a credit monitoring and identity theft restoration service for a period of 24 months at no cost. Additionally, a dedicated FNHA Cyber Incident Support Centre is available to people who may have questions.
As a protective measure the FNHA is offering to provide eligible individuals with a free two-year subscription to Equifax Complete™ Premier, a premium credit monitoring and identity theft prevention service. Key features of this service include the following:
- Daily monitoring and alerts for any changes to your Equifax credit report and score;
- Up to $1 Million Identity Theft Insurance;
- Dedicated ID restoration specialists will work on your behalf to help you recover from ID theft;
- Dark web internet scanning will alert you if the information you provide is found on the dark web; and
- Lost Wallet Assistance will help cancel and reissue lost bank/credit cards and government-issued ID.
- To be eligible for the Equifax Complete™ Premier service, your Status Number must have been impacted by this cyber attack, you must be over the age of 18, and you must have a Canadian credit file.
Please note that you have until January 31, 2025, to determine your eligibility for this service.
The FNHA says it has always taken information security very seriously.
“Despite having robust security measures in place, the FNHA knows that cyber threats continue to evolve, and that information security is an ongoing commitment,” stated the health authority.
“As cybersecurity threats become more persistent and increasingly sophisticated, information security continues to be a top priority for the FNHA,” said Jock. “We take a continuous improvement approach to ensure that our security measures keep pace with both known threats and new threats as they emerge. The FNHA commits to communicate such occurrences to the people we serve and to our system partners.”
To determine whether your Status Number has been impacted, please visit www.fnha.ca/cyberincident and click on the icon that reads “Am I eligible for credit monitoring?” and follow instructions.
If, after following these instructions, you receive an Activation Code and a link to the Equifax Complete™ Premier enrolment website, this means that your Status Number was impacted.
If you have received an Activation Code but are having difficulty enrolling in the Equifax Complete™ Premier service, please contact the Equifax Customer Care Centre at 1-800-395-5920 for assistance. The Equifax Customer Care Centre’s operating hours are 6:00 am – 6:00 pm PST, Monday to Friday, and 6:00 am – 3:00 pm PST, Saturday and Sunday.
FNHA offers the following advice to protect your personal information:
- Be alert to any unusual or suspicious email or telephone communications that you might receive and do not provide your passwords or banking PINs to anyone.
- Do not provide anyone who calls or emails you with any other type of your personal information unless you are absolutely certain who you are communicating with;
- If you haven’t changed your passwords on your various accounts in a long time, change them now. Use complex passwords that include letters, numbers and symbols. Do not use the same password across multiple accounts (e.g. email, online bank accounts and social media accounts);
- Do not open attachments or click on links in emails that you aren’t expecting to receive, even if they look like they are coming from someone you know. If possible, call the person and confirm that the email is valid.
- Do not call a number that is set out in an email if you don’t recognize that number. Look up the number in a separate directory; and
- If you confirm that you are the subject of identity theft, promptly report this to your local police and obtain the police file number.
For more information call the FNHA Support Centre at 1-844-723-6518. The operating hours of the Support Centre are 7:00 am – 3:00 pm Pacific time, Monday to Friday.
To reach the Support Centre by email, please contact cyberincident@fnha.ca. Emails can be sent at any time and a representative will respond within 48 hours of reading it during the Support Centre’s operating hours.