​​A copy of the full notification to accompany this release can be found he​r​e. Questions and answers are posted here. to reach the Support Centre, please call 1-844-723-6518 between the hours of 7:00 am – 3:00 pm Pacific time, Monday to Friday, or email cyberincident@fnha.ca. Emails can be sent ​at any time and a representative will respond within 48 hours of readin​g it during the Support Centre’s operating hours.

​​​In May 2024, First Nations Health Authority (FNHA) was the target of a partially successful cyber attack. The purpose of this notice is to inform individuals – primarily First Nations peoples and their non-First Nations immediate family members living on re​​​​​serve or in First Nations communities in British Columbia – that this cyber attack impacted many people's personal information. It is also to let you know how you can confirm whether you have been directly impacted, what we are doing to protect and support you, and what further steps you can take to protect yourself against the possible misuse of your personal information.

To be clear, when we say “i​​mpacted", we mean that your personal information may have been accessed and, potentially, copied and stolen, by an unauthorized third party.

What happ​ened?

On May 13, 2024 we detected unusual activity occurring on our information technology systems. On initial investigation, our IT Team discovered that an unauthorized third party had gained access to our network and was in the process of accessing and copying files stored in a certain portion of our network for the purpose of stealing those files. Once we detected this activity, we immediately deployed countermeasures to interrupt it, to eject that third party from our network, and to prevent any further unauthorized activity from occurring. We also retained third-party cybersecurity experts to assist with our containment and network remediation activities, and to conduct a forensic investigation into the nature and scope of the incident.

We immediately reported this incident to law enforcement and to the Office of the Information and Privacy Commissioner for British Columbia (OIPC BC), offering them our full cooperation. We have been regularly updating the OIPC BC as our investigation has progressed.

Our investigation, which is now complete, also involved a detailed and very time-consuming review of the files that were impacted by the cyber attack. While the majority of the files contained no personal or confidential information, some files did. As a result of our review, we have now determined both who was impacted and what type of personal information was impacted by the unauthorized access to these files.

Who Was Impacted?​

Our investigation has confirmed that most individuals who are included in the following groups have personal information that has been impacted:

1. Current (hired before May 13, 2024) and certain former employees of FNHA (those who received a T4 tax form for the years 2021-2023);
2. First Nations peoples who live or have recently lived in British Columbia and who have a Certificate of Indian Status card;
3. First Nations peoples and their immediate non-First Nations family members who lived on reserve or in First Nations communities in British Columbia on or before March 29, 2016 and who had one or more Tuberculosis screening tests prior to that date; and
4. Individuals who have filed compliments or complaints, or who have had a compliment or complaint filed on their behalf, with FNHA's Quality Care and Safety Office, or with another provincial health authority's Patient Care Quality Office where that compliment or complaint was shared with FNHA's Quality Care and Safety Office between January 1, 2020 – May 13, 2024.

​It is possible for a single i​ndividual to belong to more than one, and possibly to all of these categories.

What Information Was Involved?​

The answer to this question is not the same for everyone. Some of the impacted files containing personal information include many names, while other files name only one or a few individuals. Generally speaking, however, the unauthorized third party was able to access the following types of personal information:

• First and last names;
• In some, but not all cases, personal contact information such as home address, home or mobile phone number, and/or email address;
• Demographic information such as date of birth, gender and/or British Columbia registered band or First Nations community name;
• Certificate of Indian Status card number (Status Number);
• Personal Health Number (PHN);
• Health insurance plan eligibility information (e.g. for the Medical Services Plan and for Pacific Blue Cross);
• Pacific Blue Cross health insurance claims information, including in some cases the type, number and associated costs of individual claims;
• Tuberculosis screening test results for those living on reserve or in First Nations communities in British Columbia on or before March 29, 2016; and
• Information about compliments or complaints filed with or managed by the FNHA Quality Care and Safety Office between January 1, 2020 – May 13, 2024.

​What we are doing?

(a) ​Credit Mo​​nitoring and Identity Theft Restoration Services

If your Status Number has been compromised, you may be at risk of identity theft. As a protective measure we are ​​​offering to provide eligible individuals with a free two-year subscription to Equifax Complete™ Premier, a premium credit monitoring and identity theft prevention service. Key features of this service include the following:

• Daily monitoring and alerts for any changes to your Equifax credit report and score;
• Up to $1 Million Identity Theft Insurance¹​​;
  
• Dedicated ID restoration specialists will work on your behalf to help you recover from ID theft;
• Dark web internet scanning will alert you if the information you provide² is found on the dark web; and
• Lost Wallet Assistance will help cancel and reissue lost bank/credit cards and government-issued ID.

To be eligible for the Equifax Complete™ Premier service, your Status Number must have been impacted by this cyber attack, you must be over the age of 18, and you must have a Canadian credit file.

To determine whether your Status Number has been impacted, please visit www.fnha.ca/cyberincident and click on the icon that reads “Am I eligible for credit monitoring?". Please follow the instructions given. If, after following these instructions, you receive an Activation Code and a link to the Equifax Complete™ Premier enrolment website, this means that your Status Number was impacted. Please note that you have until January 31, 2025 to determine your eligibility for this service.

Once you have your Activation Code, proceed to the Equifax Complete™ Premier enrolment website, www.equifax.ca/activate, to complete your enrolment form. This website is managed by Equifax, and FNHA has no access to the information you provide to Equifax.

Select one of the two options:

If you are an existing myEquifax user:

Use the link to sign into your account to redeem your unique Activation Code.

If you are new to myEquifax and need to create an account:

Enter and submit your unique Activation Code to begin, then follow the instructions to create your myEquifax account and complete your enrolment.

Please note that you have until February 28, 2025 to complete your enrolment, after which your Activation Code will expire.

If you have received an Activation Code, but are having difficulty enrolling in the Equifax Complete™ Premier service, you should receive an error message on the enrolment page. Please follow the instructions set out in that error message.

Unfortunately, FNHA cannot create an Equifax Complete™ Premier account on your behalf.

(b) Confirm whether your Tuberculosis screening test results have been impacted

If you are a First Nations person registered with a band or First Nations community in British Columbia, or if you are an immediate non-First Nations family member who lived on reserve or in a First Nations community in British Columbia prior to March 29, 2016, and you've had one or more Tubercul​​osis screening tests, it is extremely likely that your information has been impacted.

If you would like to be 10​​0% certain, please call the FNHA Cyber Incident Support Centre at 1-844-723-6518. Please tell the representative who answers your call that you would like to know if your name is included in the Tuberculosis screening file. The representative will ask you to provide your first and last name, as well as one of the following pieces of information: your status number, your personal health number or your date of birth.

(c) Mental H​ealth and Wellness Supports

We also understand that you may be distressed by the information we are providing in this notice. Should you require them, please consult our list of culturally safe and trauma-informed cultural and mental health services, available 24 hours a day. That list can be found www.fnha.ca/cyberinc​identsupports​.  

Additional steps yo​​​u can take to protect yourself

The following are steps that ​​cybersecurity experts recommend you to follow at all times, but that are especially important to follow if your personal information has been impacted by a cyber incident:

• If you are eligible for Equifax Complete™ Premier, activate your complimentary account;
• Regularly monitor your financial account statements (e.g. bank accounts, credit cards, etc.) for unusual activity and report any such unusual activity to your bank or credit card company;
• Once a year, order and review a copy of your free credit report from Equifax and/or TransUnion and contact them if there are any accounts or other entries that you do not recognize;
• Be alert to any unusual or suspicious email or telephone communications that you might receive and do not provide your passwords or banking PINs to anyone. Be very careful about providing any personal information to anyone who calls or emails you to ask for it;
• Change your passwords on your various accounts periodically. Use complex passwords that include letters, numbers and symbols. Do not use the same password across multiple accounts (e.g. email, online bank accounts and social media accounts);
• Don't open attachments or click on links in emails that you aren't expecting to receive, even if they look like they are coming from someone you know. If you know the sender, call them and confirm that the email is valid; and
• If you confirm that your identity has been stolen or used fraudulently, promptly report this to your local police and obtain the police file number.

​For More​ Information​​

We understan​​d that receiving a notice like this is distressing, and that you are likely to have additional questions. We have created and published Q&A information at www.fnha.ca/cyberincident to try to answer some of those questions proactively. We will continuously update the Q&A as we become aware of additional information that you might find useful.

If you have further questions after reviewing this notice and the Q&A, we have set up a dedi​cated FNHA Cyber Incident Support Centre that you can reach by telephone or by email if you have any questions that have not been answered here. To reach the Support Centre please call 1-844-723-6518 or email cyberincident@fnha.ca. The operating hours of the Support Centre are 7:00 am – 3:00 pm Pacific time, Monday to Friday.

In closing​​​

While no organization is ever completely immune to these types of cyber incidents, the nature of which are constantly evolving, we also want to assure you that we contin​​uously seek opportunities to further strengthen our information security infrastructure.  We sincerely apologize for the fact that this cyber attack has occurred, and for the impact that it may have on you. 

In Welln​​ess,

Richard Jo​​​ck

Chief Executive ​​Officer​

---

​​​​​​​¹ Identity theft insurance is underwritten by American Bankers Insurance Company of Florida or its affiliates. The description herein is a summary and intended for informational purposes only and does not include all terms, conditions and exclusions of the policies described. Please refer to the actual policies for terms, conditions and exclusions of coverage. Coverage may not be available in all jurisdictions.

​​​​​²​ WebScan searches for your Social Insurance Number, passport number, up to 6 bank account numbers, up to 6 credit/debit card numbers, and up to 3 email addresses. WebScan searches thousands of Internet sites where consumers' personal information is suspected of being bought and sold, and regularly adds new sites to the list of those it searches. However, the Internet addresses of these suspected Internet trading sites are not published and frequently change, so there is no guarantee that we are able to locate and search every possible Internet site where consumers' personal information is at risk of being traded.​