**** NSHA Media Release
Nova Scotia Health Authority contacting patients about potential privacy breach
Nova Scotia Health Authority (NSHA) is in the process of sending out notifications to 2,841 patients and next of kin about a potential privacy breach regarding personal health information.
The possible breach was discovered by NSHA’s information technology security team when an employee’s email account was compromised by an unauthorized outside user performing a phishing attack. Phishing emails often look like legitimate messages but the sender can gain access to an individual’s email account if they enter their log-in information in the link provided.
Everyone who was possibly affected will hear directly from NSHA and we will be available to discuss the details of the possible breaches of confidentiality with them.
We apologize to anyone whose private information may have been viewed and who entrusts our organization and its people with care of their health and safeguarding of their personal health information.
We have notified the Office of the Information and Privacy Commissioner of Nova Scotia and will work with the office on any recommendations they may offer as a result of this potential breach.
Staff and physicians across our organization require varying degrees of access to information to provide care to our patients. Our organization takes several steps to ensure that all employees understand their obligation to protect patient information, as well as to monitor and identify inappropriate activity.
These steps include:
- Pledges of confidentiality signed by all staff, and standard orientation regarding privacy across the province.
- Ongoing in-person education for managers and front-line staff about cyber scams and phishing emails.
- Educating staff about the importance of appropriate electronic storage of patient health information and proper maintenance of e-mail files.
NSHA takes any breach of confidentiality seriously, and thoroughly investigates potential inappropriate access.