Cyber Incident Victim: Nova Scotia Health Authority

The Nova Scotia Health Authority (NSHA) detected a data breach involving patient information on May 13, 2019, following a phishing attack that compromised an employee’s email account five days earlier on May 8. The breach exposed personal health information belonging to nearly 3,000 individuals under NSHA’s care. IT security teams identified unauthorized access to the email account during routine monitoring, triggering an internal investigation to assess the scope. NSHA publicly disclosed the incident on June 10, 2019, confirming the breach stemmed from a successful phishing attempt that granted attackers access to the employee’s credentials. No technical specifics regarding the phishing mechanism or duration of account compromise were disclosed in the announcement.

The health authority initiated direct notifications to all potentially affected patients following its internal review, though the exact nature of the exposed health data was not detailed publicly. No evidence suggested widespread misuse of the information at the time of disclosure. The incident marked one of several regional healthcare breaches reported in 2019, highlighting risks associated with email-based attacks targeting personnel with access to sensitive records. NSHA’s response focused on containment through credential resets and reinforcing staff cybersecurity training protocols. The breach underscored operational disruptions caused by such incidents, requiring coordinated IT forensic efforts and patient outreach over multiple weeks. Financial or legal repercussions stemming from the event were not disclosed in the initial public reporting period.