eHealth discovers Sask. files sent to suspicious IP addresses in Europe
CEO says we 'may never know' if personal data was compromised
There's a chance that personal health data belonging to Saskatchewan residents could have been compromised in a ransomware attack.
Files from some of its servers have been sent to suspicious IP addresses, according to eHealth CEO Jim Hornell.
"There were several that were unknown to us and were recognized to be suspicious in various countries in Europe," said Hornell, adding at least four IP addresses were involved.
This discovery came in the wake of forensic analysis spurred by a recent ransomware attack. The chance that data might be compromised was announced on Friday, although the initial discovery happened one week prior on Jan. 31, 2020.
This is the latest development in the ransomware saga. Initially, CBC News was told the attack began Jan. 5, 2020. However, Hornell revealed that the virus first entered the eHealth system on Dec. 20, 2019. Employees didn't discover there was a problem until they tried to open files on Jan. 6, 2020 and were asked for bitcoin in exchange for unlocking the files.
In January, Hornell said personal data was secure despite the ransomware hit. Now, it appears the organization can't be sure and "may never know" if personal data was affected.
The files exchanged were encrypted and password protected by the attacker, which means the exact content of those files is unknown.
Hornell said the affected server primarily contained administrative files, like emails. However, he said it's not clear if the affected server was in communication with other servers.
"There's no indication that it was personal health information but we want to be ... as confident as possible," he said.
Officials with the Ministry of Health and Saskatchewan's Information and Privacy Commissioner have been notified. The organization said it will continue a security analysis to determine if further breaches have occurred.
It has also brought on the help of a specialized security firm that is "tasked with scouring the Internet for any signs that confidential information has been compromised."
Hornell wouldn't say the cost of the third-party assistance, saying costs are still being compiled and some is covered by insurance.
NDP Heatlh Critic Vicki Mowat issued a statement that reiterated the call for a government-wide security review of government sites and databases.
"People should be able to trust that their health records are secure — that's eHealth's most important responsibility, and today's admission shows that this government has failed to provide that security," the statement said.
"The news that the recent data breach led to public health files being taken is cause for great concern. Even more concerning is that eHealth doesn't know what those files contained or how much of Saskatchewan people's health data has been compromised."
On Friday, Hornell said he wasn't surprised the health organization was hit.
"We knew that that was definitely an eventuality and that's why we are investing in updating our patches," he said.
Hornell said the public will be notified if the forensic investigation leads to more revelations. In the meantime, he said employees are receiving ongoing education about proper Internet etiquette in the wake of the attack, like not opening suspicious links or emails.