Cyberattack Disrupts NL Health-Care System, Ransomware Not Confirmed: Health Minister

Cyberattack Disrupts NL Health-Care System, Ransomware Not Confirmed: Health Minister
Networking cables on a batch board are shown in Toronto on Nov. 8, 2017. The Canadian Press/Nathan Denette
Andrew Chen
Updated:

Newfoundland and Labrador’s health minister says the province’s health system has suffered a suspected cyberattack, but did not confirm media speculation that ransomware was used in the attack, which caused serious disruptions.

Disruptions to the health-care IT system started on the morning of Oct. 30, causing “progressive failure” to what Health Minister John Haggie said was the “brain” of the data centre, impacting thousands of appointments and procedures, including those involving COVID-19 testing.

“We may have been victims of a possible cyberattack by a third party,” Haggie said in a press conference on Nov. 2, adding that the province’s Emergency Operations Centre has been activated to respond to the crisis.

He said that while all four of N.L.’s regional health authorities were affected by the infiltration, the province’s largest health authority, Eastern Health, suffered the greatest impact.

Eastern Health CEO David Diamond said thousands of medical appointments have been cancelled as of Nov. 1, as a result of the cyberattack.

“We have gone into contingency mode,” Diamond said. “We always have contingency plans for this type of situation. We had hoped to never have to use it.”

Haggie said the government has been working on mitigating the effects of citizens while Bell Aliant, the service provider, and the Newfoundland and Labrador Centre for Health Information were asked to look into the background of the failures. The RCMP has also launched a criminal investigation.

Ransomware Attacks

Opposition Leader David Brazil from the Progressive Conservatives raised the question of whether the cyberattack involved the use of ransomware—a type of malicious software used to hold an electronic device and its stored information hostage in exchange for ransom.
“Has there been a ransom request made to the regional health authority, service provider Bell, the Newfoundland-Labrador Centre for Health Information, or the provincial government?” Brazil asked in the province’s House of Assembly on Nov. 1.

“The nature of that attack is as yet unclear,” Haggie said in response.

Cyberattacks causing major disruption have been seen recently in the United States. In April, a group of hackers compromised the networks of Colonial Pipeline Co., the largest fuel pipeline company in the country.

The DarkSide Group, which is likely based in Russia or Eastern Europe, were behind the cyberattack, according to the FBI.

Colonial Pipeline president and CEO Joseph Blount later confirmed that the company had paid $4.4 million to the ransomware attackers due to uncertainty about the severity of the cyberattack and how long the firm’s systems would be down.
A number of ransomware attacks have also struck major facilities in the U.S. transportation systems over the past year, prompting legislators on the House Homeland Security Committee to consider creating industry-wide cybersecurity mandates in late October.