eHealth hit by ransomware attack but personal health data is secure, says CEO

The computer system that stores the confidential medical data of Saskatchewan residents was hit by a ransomware attack on the weekend but the CEO of eHealth Saskatchewan says patient data is secure.

"It certainly looks like someone has found their way to tinker with our system and began encrypting some of our information," said Jim Hornell in a phone interview.

"They put a lock on it and they say if you want to unlock this again to get back to your information you'll pay us some money," Hornell said, noting that the organization has contacted the RCMP about this attack.

He said his staff have confirmed that no confidential patient information has been stolen.

"To our knowledge right now, none of that has been compromised at all. So we're safe at this point," he said. "No information is flowing out of the organization but our jobs are becoming difficult to do because there are some of our files seem to have been corrupted."

He said the attack began early Sunday morning and antivirus software immediately began sending alerts to staff.

We're not interested in negotiating with them in any way at this point. - Jim Hornell, CEO of eHealth

When eHealth officials attempted to open files on affected servers they received a message that the files had been encrypted and would remain inaccessible until a payment was made.

Hornell said he's not aware if a specific demand has been made.

"We're not interested in negotiating with them in any way at this point," he said.

'Thousands and thousands of attempted attacks'

He said eHealth employees along with staff from Microsoft and Cisco Systems are assessing the situation.

"We're making sure we understand where they have access and where they don't and making sure we mitigate any opportunities for them to move throughout our system."

Hornell said his organization receives "thousands and thousands of attempted attacks each day," and he has a security team that tries to stay one step ahead of the criminals.

"Every day we're getting malware, ransomware attempts to to hack into our system, like most companies, most organizations are — particularly in public service or in industry — and it's a constant battle."

He said eHealth staff is examining 110 servers that may have been attacked. They're working to assess and repair the damage and restore the information.

He doesn't know how long this will take but he said once that work is done, the organization will attempt to figure out how the system was breached in the first place.