5 big questions about cyberattacks during COVID-19

CBC

November 26, 2021 at 4:00 a.m.·5 min read

The Kemptville District Hospital temporarily shut down its emergency department in October after falling victim to a cyberattack. (Francis Ferland/CBC - image credit)

The hospital in Kemptville. The transit network in Gatineau. The municipal government in Clarence-Rockland.

Those are just a few of the Ottawa-area organizations victimized in recent weeks by cybercriminals, emboldened as the COVID-19 pandemic forces people to work from home and more and more business gets conducted online.

The health-care sector in particular has proven a juicy target: just this month, the Rideau Valley Health Centre also experienced a "cybersecurity incident" that took down its IT network.

And it's not just happening locally, with criminals carrying out a devastating attack on Newfoundland and Labrador's health-care network, stealing personal information connected to both employees and patients.

So how bad is the situation? Why is the pandemic exacerbating things? And what can organizations do to protect themselves? We put those sorts of questions to a pair of experts in the cybersecurity field, and here's what they had to say.

What kind of attacks are organizations facing?

Two of the most common attacks are phishing scams and the surreptitious installation of ransomware, according to Det. Sgt. Vern Crowley with the Ontario Provincial Police's Cybercrime Investigation Team.

Phishing attacks generally involve someone, somewhere, trying to lure people into providing personal information like passwords or banking information.

Just this week, an Ottawa man was one of three people arrested in connection with an alleged phishing scam that breached the province's COVID-19 immunization system.

Ransomware, on the other hand, is malicious software that — once it's been installed — encrypts data, forcing users to pay a ransom, usually in the hundreds of thousands of dollars, in exchange for the tools to regain access.

Have they really become more common during the pandemic?

The broad consensus appears to be that yes, the COVID-19 pandemic is contributing to a rise in cybercrime.

The Canadian Centre for Cyber Security (CCCS) has said crimes are being reported more frequently, especially lucrative ransomware attacks on the country's front-line health-care and medical research facilities.

Federal government employees working from home on virtual private networks (VPNs) were also warned in the early days of the pandemic to be on alert for phishing attacks.

Crowley said his team has "absolutely" seen attacks climb during COVID-19, as many organizations pay ransoms to get their data back and cybercriminals realize they can make a quick buck.

"A lot of criminals are just moving to the online world," he said. "It's been going on across the board. Every sector we see getting hit."

Why is health care such an appealing target?

According to iSecurity Consulting's Raheel Qureshi, whose firm works with dozens of Canadian hospitals and other health-care organizations, there are two big reasons.

The sector's highly integrated nature, with hospitals and clinics sharing patient records and exam results back and forth, means criminals can exploit weaknesses and encrypt data without anyone noticing, Qureshi said.

"The more complex your ecosystem is, the more difficult it is for you to detect and manage and track, right? Not that it can't be done, [but] there's a lot of investments required," he said.

"They're not in the business of cybersecurity. They're in the business of providing patient care."

What's more, when IT networks in the health-care field go offline, it can put people's lives at risk — and ransomware attackers know that urgency gives them leverage.

"The health-care sector is paying when it needs to," Qureshi said. "It's been a very lucrative business for these threat actors."

So how can organizations stay safe?

The best thing many organizations can do, Qureshi says, is to get a firm like his to perform a simulated ransomware attack: a two-to-three-week exercise that will pinpoint their IT weaknesses and offer solutions to fix them.

Individuals should also be tested, perhaps with a fake phishing attack, so that they know how to spot signs of danger and respond correctly, he adds.

Crawley says it's a good idea for organizations to ensure all important data is backed up offline. Those that use VPNs should implement multi-factor authentication to gain access — a password combined with, say, a one-time code sent via text message.

He says it's also important to keep on top of the latest cybercrime hacks and trends, whether that's through monitoring CCCS's alerts and advisories or checking for malicious websites through the non-profit Canadian Internet Registration Authority.

Ultimately, groups should always have a playbook to both prevent attacks and react if there's been a breach, Crawley said — one that involves notifying police. Different police forces can then cooperate on investigations to track down the perpetrators across the country and around the world.

If they're hit with ransomware, should they pay up?

It's a complicated question, and there's no easy answer.

Many perpetrators are "very professional in an unethical way," Qureshi says. Organizations that submit to the ransom demands generally get complete instructions for decrypting their files, around-the-clock service, and sometimes even text files explaining how to shore up their online defences.

Qureshi's theory is that "brilliant" hackers in developing countries may turn to cybercrime only because they lack the legitimate opportunities in places like North America or Europe, and don't bear any ill will to their targets.

"Deep down inside, they feel bad it's a hospital. But they don't feel bad, because at the end of the day, they think of it as a professional transaction," he said. "It's a different world."

Still, police would never condone paying a ransom, Crawley says — after all, you can't trust criminals to do what they say they'll do, and it just encourages them to keep breaking the law. But he also understands why someone might decide it's best to just cough up the money to make the problem go away.

"If you're in that level of jeopardy and have to do it, that's a business decision," Crawley said.

"All we say [from the] law enforcement side is, please ensure that you preserve any digital evidence in relation to the financial transactions or communications, so that we can get these guys."

CBC
Police identify man who plunged to his death from balcony
Toronto police have identified a man who plunged to his death from an eighth-floor balcony downtown late Wednesday in the city's latest homicide.Ryan Williams, 38, of Toronto, fell from a balcony just before midnight at a highrise in the area of Church and Shuter streets, police said in a news release on Thursday.Paramedics say they transported a man to a trauma centre. He was pronounced dead in hospital, according to police.Williams is the city's 24th homicide victim of the year.Police have sai
23 hours ago
CNN
Secret Service says agent on Harris’ detail was removed from assignment after distressing behavior
A Secret Service agent assigned to Vice President Kamala Harris’ detail was removed from their assignment after displaying behavior that colleagues found “distressing,” the agency said.
12 hours ago
People
“Call Her Daddy'”s Alex Cooper Models Her Wedding Night Lingerie in Instagram Reveal: See the Racy Look
Cooper wore a sexy lacy bodysuit from SKIMS' Wedding Shop collection after marrying Matt Kaplan in Mexico
2 days ago
Cosmo
Sabrina Carpenter looks practically naked in completely see-through lace mini dress
Sabrina Carpenter went braless wearing the Mirror Palais Anemone Dress in butter featuring illusion tulle adorned with lace appliqués along the neckline and hem
a day ago
HuffPost
Jamie Raskin Suggests Fitting New Home For 'Partisan' Supreme Court In Blistering Take
The House Democrat named the "most astonishing" thing he heard from one justice after the court heard arguments on Donald Trump's immunity claim.
5 hours ago
Yahoo News UK
Pensioner who worked at Clarks for 68 years given boot with two days' notice
Jill Cornick, 82, is out of work for the first time in her life after being told the Clarks shop she worked in since 1956 in Dorset was closing.
3 hours ago
Reuters
Trump's three US Supreme Court appointees thrash out immunity claim
When the U.S. Supreme Court ultimately rules on Donald Trump's claim of presidential immunity from prosecution, a third of those deciding the matter will be justices he appointed to their lifetime posts. Those three - Amy Coney Barrett, Brett Kavanaugh and Neil Gorsuch - posed questions from various angles as the nation's top judicial body heard arguments on Thursday in a case that provides a vital test of the power of the presidency. A key question, Gorsuch said, is "how to segregate private from official conduct that may or may not enjoy some immunity."
17 hours ago
HuffPost
Ex-Trump Lawyer Spots Donald Trump’s ‘Big Mistake’ That Will ‘Make His Campaign Cringe’
“That just brings back all those bad memories about that issue," Jim Schultz told CNN's Jake Tapper.
8 hours ago
HuffPost
Harvard Law Professor Offers Scathing Summary Of SCOTUS-Trump Arguments
Laurence Tribe pulled no punches over what he described as a “shameful performance by the court.”
5 hours ago
Cosmo
Kylie Jenner just revived the naked brow trend and she looks like a woodland fairy
Kylie Jenner shares Instagram selfies of her new bleached eyebrow look for 2024. She looks so different, with the ash-blonde look.
4 hours ago
The Daily Beast
Judge Upholds Trump’s $83 Million Defamation Verdict
Reuters/Brendan McDermidA federal judge in New York upheld a defamation verdict against Donald Trump, keeping him on the hook for the $83 million he owes E. Jean Carroll, the writer who accused him of sexual assault.Trump had motioned to receive a new trial, but Judge Lewis Kaplan rebuffed that effort, determining nothing was wrong with the first one that ruled against him.The decision affirms that Carroll suffered harm from Trump publicly railing against her in 2019, as she went public with her
18 hours ago
CBC
Makeshift slaughterhouse in a residential garage points to growing concerns about illicit meat sales
Inside a garage in an established Edmonton neighbourhood, animals were being slaughtered and the meat was advertised for sale to consumers, a CBC News investigation has learned.Police entered the rented garage in the quiet residential Woodcroft community in February 2023. Images shared with CBC News show piles of goat carcasses, tubs of blood and the remains of a skinned baby goat on a makeshift slaughter table.Neighbour John Bos told CBC News that the sounds of bleating goats first alerted him
20 hours ago
InStyle
Prince Edward and Duchess Sophie Feel Disappointed by King Charles Royal Title "Snub"
The "chosen ones" are reportedly sad they didn't get new roles after Prince William and Kate Middleton's latest appointments.
a day ago
People
All About Okla. Family Murder-Suicide, Where Dad Killed Wife, 3 Sons Before the Last Surviving Child Called 911
Jonathon Candy, 42, fatally shot his wife, Lindsay Candy, 39, and three of their four children, ages 18, 14, and 12, on April 22, before dying by suicide
22 hours ago
Kansas City Star
Not everything about the NFL Draft is about football. See Gracie Hunt’s Chiefs dress
Gracie Hunt, the daughter of Chiefs CEO Clark Hunt and his wife, Tavia, marked the first day of the NFL Draft by posting photos of herself in team colors.
22 hours ago
Hello!
Princess Charlotte's secret hidden talent revealed by mum Princess Kate
Princess Charlotte will be celebrating her 9th birthday next week, and she has a cool hidden talent! Her mum Kate Middleton recently opened up about her hobby...
a day ago
USA TODAY Sports - Golfweek
Is Jon Rahm having an existential crisis? He’s certainly going off his LIV Golf script a bunch
Rahm keeps wandering off the script, especially in the last month.
3 hours ago
The Daily Beast
Wanda Sykes Rips Trump’s Courtroom Farting
ABC/Randy HolmesLike hundreds of thousands of other rapt viewers, comedian Wanda Sykes is getting a lot of mileage out of the Manhattan criminal trial of Donald Trump, the first-ever criminal trial of a former U.S. president. Trump has pleaded not guilty to 34 counts of falsifying business records connected to his sexual relationship with adult film star Stormy Daniels. Podcaster Ben Meiselas insisted this week that Trump, present this week in-person for the beginning of the trial, had suffered
2 days ago
Sacramento Bee
Ex-teacher had sex with her student on his 8th-grade graduation, California prosecutors say
The former Butte County teacher pleaded no contest Monday to the charges.
2 days ago
USA TODAY Sports
NFL draft's most questionable picks in first round: QBs Michael Penix Jr., Bo Nix lead way
With the first round of the 2024 NFL draft complete, several teams stood out with their initial picks – and not in a good way.
4 hours ago

Latest Stories