Breach Notification , Business Continuity Management / Disaster Recovery , Critical Infrastructure Security

Hackers Disrupt Canadian Healthcare and Steal Medical Data

Newfoundland and Labrador Says Systems Outages Continue, Personal Details Exposed
Hackers Disrupt Canadian Healthcare and Steal Medical Data
Hospitals such as the Health Sciences Center in St. John's, pictured, continue to face disruptions.

An online attack has led to healthcare system outages in Canada's most easterly province, disrupting patient care and resulting in the theft of many residents' personal details, including medical information.

See Also: NHS Ransomware Attack: Healthcare Industry Infrastructures Are Critical

Health officials in the province of Newfoundland and Labrador on Oct. 30 disclosed that health systems had been disrupted by a "cyber incident." While officials did not use the word ransomware, security experts say the attack has the hallmarks of a crypto-locking malware outbreak.

A probe into the attack remains ongoing. "This is an evolving situation," said Newfoundland and Labrador Premier Andrew Furey at a Tuesday press conference.

Furey said investigators have found that more than a decade's worth of personal information for some residents - including health information - was exposed, as was personal information for healthcare system employees.

"For patients, the information is comprised of basic information that is typically logged or used for a patient visit, such as name, address, health care number (MCP), who you are visiting, reason for visit, your doctor, phone number, birth date, email address for notifications, in-patient/out-patient, mother's maiden name and marital status," the provincial government says in a security update.

"For current and former employees, the information includes name, address, contact information and Social Insurance number."

Officials say they do not believe that banking details for employees were exposed.

The government has published no tally of the number of affected individuals, but the province has a population of about 520,000.

Newfoundland and Labrador Premier Andrew Furey, Minister of Health and Community Services John Haggie and Minister of Justice and Public Safety John Hogan share an update on the investigation in a Tuesday press conference.

The Royal Canadian Mounted Police is leading a criminal investigation into the incident, backed by the Canadian Center for Cybersecurity, which is the public-facing arm of the country's Communications Security Establishment and the national incidence response lead. The CSE is a sister signals intelligence agency to the U.S. National Security Agency and Britain's GCHQ.

Province officials say they have also notified the Newfoundland and Labrador Office of the Information and Privacy Commissioner about the breach.

"We deeply regret that this incident occurred and are taking steps to protect the privacy of our employees, patients and other members of our community," officials say.

While the provincial government says it plans to offer credit or identity theft monitoring to victims, it has not yet done so. Instead, officials have thus far put the onus on victims: "If you notice any unusual activity in any accounts or your account statements, please contact the appropriate service provider, such as your bank, as soon as possible," they say.

Disruptions to Surgery, Chemotherapy

The attack has resulted in ongoing disruptions to care in addition to exposed data. The province is comprised of four regional health authorities, although data was not stolen from all of them: Western Health - no data believed to have been stolen, Central Health - data exposure unclear, Eastern Health - 14 years of data exposed, and Labrador-Grenfell - 9 years of data exposed.

Officials say they're attempting to restore systems from backups, and that the process remains underway and is not yet complete.

On Thursday, for example, public broadcaster CBC reported that while the Health Sciences Center hospital in the city of St. John's had restored its Meditech system, which handles patient health information and financial details, it only included information from before the attack.

Each health authority has been publishing its own updates on the ongoing disruptions it continues to face.

Through at least Wednesday, for example, Western Health noted that only some appointments would be proceeding, including chemotherapy appointments "at a reduced capacity."

In addition, "only urgent and emergency appointments will proceed for surgery, endoscopy, blood collection, medical imaging, outpatient EKG, and fracture clinics," it said. "Western Health will endeavor to contact all individuals whose appointments are proceeding. All other appointments will be rescheduled."

National Security Threat

Security experts have said the apparent ransomware attack has again highlighted the impact such crime can have on national security, including public health.

"Ransomware is a significant threat, not just to individuals or to businesses, but also to national security, and our economies and our societies," cybersecurity consultant Brian Honan, who heads Dublin-based BH Consulting, told The Canadian Press.

In May, for example, the Conti ransomware operation hit Ireland's National Health Service, disrupting healthcare for months, despite the Irish government mobilizing its armed forces to help hospitals wipe and restore systems.

Groups such as Conti sometimes promise to never hit certain types of targets, such as hospitals, and if they do to provide a "free decryptor." But experts say that like all criminals, ransomware-wielding attackers regularly lie. Furthermore, fixing systems that get crypto-locked by malware, ideally by wiping and restoring them, can be an expensive and lengthy process.

Given that threat, some governments have been moving more aggressively to counter it.

U.S. President Joe Biden's administration, for example, recently began treating ransomware on par with terrorism, in terms of the resources being devoted to tracking and disrupting such criminal operations, as well as pursuing the perpetrators.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.