N.L. health-care cyberattack is worst in Canadian history, says cybersecurity expert
'It has real impacts on human life and safety'
One cybersecurity expert says the cyberattack on the Newfoundland and Labrador health-care system may be the worst in Canadian history, and has implications for national security.
David Shipley, the CEO of a cybersecurity firm in Fredericton, said he's seen similar breaches before, but usually on a smaller scale.
"We've never seen a health-network takedown this large, ever," Shipley said in an interview with CBC News. "The severity of this is what really sets it apart."
Discovered on Saturday morning, the cyberattack has delayed thousands of appointments and procedures this week, including almost all non-emergency appointments in the Eastern Health region.
After refusing to confirm the cause of the disruption for days, Health Minister John Haggie said Wednesday the system has been victim of a cyberattack.
Sources have told CBC News the security breach is a ransomware attack, a type of crime in which hackers gain control of a system and hand back the reins only when a ransom has been paid.
Shipley said more than 400 hospitals in Canada and the United States have been subject to ransomware attacks since the beginning of the pandemic. He said hackers target hospitals and health-care systems because of the urgent, tangible impact on everyday people.
"It has real impacts on human life and safety, and this is the worst of the worst."
Shipley said he normally argues against giving in to ransom demands but the provincial government might have to pay up in this instance since lives are at stake. The government has not confirmed there has been a ransom demand.
On Thursday morning, staff at the Health Sciences Centre in St. John's were told the system used to manage patient health and financial information at the hospital is back online.
The system — called Meditech — only has information from before last weekend, and will need to be updated. It isn't yet clear what the restoration of the system will mean for services at the hospital, or if the system is back online in other parts of the province.
Shipley called on the federal government to provide the necessary resources to deal with the attack.
"Newfoundlanders and Labradorians should know that we are there for them as a country and we aren't just going to sit here and let people take punches at our hospitals anymore," he said. "We should be hearing from our prime minister that we're going to come after the groups behind this."
Speaking with reporters Wednesday, Haggie wouldn't say how the federal government is helping the province.
However, in an email, the Communications Security Establishment, the federal government's IT security agency, said it's in communication with N.L. provincial officials.
"We are actively engaged with government and non-government partners, sharing cyber security advice and guidance, mitigation, and operational updates," said the statement.
The agency said it can't comment on cybersecurity incidents.
CSE said there has been an increase in the number of cyberthreats since the beginning of the COVID-19 pandemic, including the threat of ransomware attacks on Canadian front-line health-care and medical research facilities.
In a statement Tuesday, the RCMP said it has opened an investigation into the attack with resources from its cybersecurity unit.
Not many details
Although the government has confirmed the disruptions to the health-care system are due to a cyberattack, officials still won't say who is behind the attack or what kind of cybercrime it is.
Haggie said the hackers could be monitoring government statements through the media, and revealing too much information could jeopardize the investigation into the attack and the efforts to restore the system.
He said the decision to reveal that a cyberattack is behind the disruptions was based on new advice from experts.
Shipley said he understands the reasoning behind the government's refusal to give details.
"They have the responsibility to be open and transparent with the public, but this is an ongoing safety and security issue," he said.
Opposition wants input
During question period in the N.L. legislature on Wednesday, members of the opposition called for greater transparency on its plan to deal with the attack.
NDP Leader Jim Dinn told reporters he's spoken with Premier Andrew Furey, and the government is going to give the opposition parties daily updates.
Furey is out of the province, attending the COP26 climate summit in Scotland. Dinn called on the premier to cut his trip short and return to the province to help deal with the cyberattack.
"He's the leader of this province. He signed on for this," Dinn said. "People need to hear from him directly and to be present while this issue is being tackled."
Opposition leader David Brazil said PC MHAs are open to collaborating with the government. He said he's also spoken to Furey, and asked for more openness.
"We understand there may be some delicate pieces of information they can't share. We understand that and respect that," Brazil said. "But we ask that they get out in front of it."
With files from Peter Cowan