Ontario nursing regulator says it has made 'significant progress' after cyber attack
However, questions remain on whether hackers stole personal data of 195,000 nurses
The College of Nurses of Ontario says it has made 'significant progress' restoring its systems and data after hackers crippled its website, but it would not reveal whether the personal data of 195,000 nurses and its 300 staff was compromised in the attack.
The province's nursing regulator discovered the targeted ransomware attack almost a month ago when some of the data appeared to be stolen by the hackers, including "human resources" and "human rights matters."
The data was displayed on a website along with a countdown clock, with the understanding that if the the CNO didn't give in to the hackers' demands before the clock reached zero, the data would be published online.
Angela Smith, the communications advisor for the College of Nurses of Ontario, wrote in an email that the nursing regulator was not cowed by the threat and has since made progress in restoring its systems knocked out in the attack.
"We have made significant progress in restoring our data and systems from our backup files, and we have not paid a ransom," she wrote in an email to CBC News Friday.
Smith did not say whether the regulator had any update on whether the personal information of its 195,000 members and 300 employees was compromised in the attack, saying the CNO is still trying to figure that out.
In the meantime, Smith said the nursing regulator has been concentrating on restoring data from its backup systems in order to get its internal systems up and running again, including its public register, which allows members of the public to check up on a nurse's credentials.
Smith also said the regulator has regained the ability to process new nursing applications, which it was unable to do during the outage, potentially delaying new nurses starting new jobs and costing them pay.
The college has also beefed up its cyber security in the wake of the attack in order to prevent a new one from crippling its systems in the future, including staff training, new access controls and enhanced network security features.