Suspected cyberattack in N.L. hits 'brain' of province's health-care system

·4 min read

ST. JOHN'S, N.L. — A suspected cyberattack on Newfoundland and Labrador's health network has led to the cancellation of thousands of medical appointments across the province and forced some local health systems to revert to paper.

The "brain" of the network's data centre, operated by Bell, has been damaged, including the main and backup computer systems, Health Minister John Haggie told reporters Monday. He said the "possible cyberattack by a third party" was first detected Saturday.

"It has taken out the brain of the data centre .... Our main aim here now is to mitigate the effect and maintain some continuity of service for the people of this province," Haggie said.

Newfoundland and Labrador's Eastern Health region was hardest hit, leading to the cancellation Monday of all non-emergency medical appointments and procedures. Eastern Health CEO David Diamond said his agency has lost access to everything from basic email to diagnostic images and lab results, adding that non-urgent medical procedures are likely to be cancelled again on Tuesday.

Physicians, he added, have told him that without X-rays and CT scans being available electronically, it would be safer to delay appointments and procedures for several days. "We can't handle the same volume in a paper-based system, so it's safer to reschedule," he said.

The health authorities in western Newfoundland and Labrador hadn't been hit as hard, while the health authority in central Newfoundland was affected but less severely than in the eastern region, Haggie said.

Haggie, however, decline to comment about whether the damage was due to what's known as a ransomware attack — in which hackers demand payment in exchange for restoring access. The minister would only say the investigation is ongoing.

Steve Waterhouse, a former information systems security officer with the Defence Department, said in an interview Monday the damage to Newfoundland and Labrador's health system bears all the hallmarks of a ransomware attack. Health systems are prime targets for cyberattacks because they are essential services and the public can't tolerate losing access to medical care for extended periods, he said.

"I believe it is ransomware that got inside of that (computer system) and crippled the operation .... It's highly probable it's ransomware, as this (phenomenon) is spreading across the country," Waterhouse said.

The Canadian Centre for Cyber Security — a division of the federal government's Communications Security Establishment — issued an alert in October 2020 warning of an increasing risk of cyberattacks using ransomware on Canadian health systems.

Evan Koronewski, a spokesman for theCommunications Security Establishment, said in an email, “We assess that cybercriminals will almost certainly continue to jeopardize patient outcomes and wider public health efforts by deploying ransomware for financial gain against a vulnerable health sector, including the COVID-19 vaccine supply chain.”

He added that the cyber centre has noticed a rise in threats related to the COVID-19 pandemic, including the threat of ransomware attacks on the country's front-line health-care and medical research facilities. He said cybercriminals have shifted toward targeting high-value, large-scale enterprises, known as "targeted ransomware" or "big game hunting."

In October 2020, reports indicated Montreal's Jewish General Hospital had to postpone appointments after a cyberattack forced the local health board to disconnect its servers from the internet. Earlier that year, hackers damaged the computer systems of three Ontario hospitals, using malware known as "Ryuk."

Haggie said it's too soon to know if his province's security measures had shortcomings or failed to heed the federal warnings, and he said there will be a post-mortem to examine these issues.

"We'll find out, but it won't be tomorrow," he said.

Sarah Stoodley, the province's minister of digital government, was asked by the Opposition during question period on Monday whether the province has a policy on paying hackers a ransom to remove the malicious software.

"I'm not aware of such policies, but from a security and information technology perspective, even if we had policies, I wouldn't recommend we table them in the House of Assembly," she replied.

This report by The Canadian Press was first published Nov. 1, 2021.

— By Michael Tutton in Halifax.

The Canadian Press

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting