First Nations Health Authority target of cyber attack

VANCOUVER, B.C. — The First Nations Health Authority (FNHA) says a “partially successful cyber attack” has impacted many people’s personal information – in particular, Indigenous people and their immediate family members.

According to the health authority, the cyber attack happened on May 13th, when an unauthorized third party accessed their secure systems. 

The personal information gathered includes first and last names, home addresses, email addresses, personal health numbers, insurance claim details, and tuberculosis screening test results.

The attack impacted people with Certificate of Indian Status cards who were living or had recently lived in British Columbia at the time of the incident.

FNHA employees hired before the breach, individuals who have filed complaints with the FNHA’s Quality Care and Safety Office, and people living on reserves or in First Nations communities tested for tuberculosis before March 29th, 2016, were also affected.

FNHA’s CEO Richard Jock says immediate action was taken to remove the unauthorized party from its secure systems. 

“Upon discovery of unauthorized access to the FNHA network, our teams immediately deployed technological countermeasures to secure our files, systems, and network from further attack,” said Jock.

FNHA investigated along with third-party experts to identify the impacted files. 

“As cybersecurity threats become more persistent and increasingly sophisticated, information security continues to be a top priority for the FNHA,” said Jock

The attack came amid a spate of cybersecurity incidents in B.C. that hit targets including the provincial government, B.C. libraries, and the retailer London Drugs.

The health authority says it will offer support, such as a two-year subscription to a credit monitoring service, to everyone whose status card number was affected.

“While no organization is ever completely immune to these types of cyber incidents, the nature of which are constantly evolving, we also want to assure you that we continuously seek opportunities to further strengthen our information security infrastructure,” Jock continued. 

“We take a continuous improvement approach to ensure that our security measures keep pace with both known threats and new threats as they emerge.”