Sask. NDP asks for government security review following ransomware attack
Computer system that stores confidential medical data of Saskatchewan residents attacked on weekend
The Saskatchewan NDP is asking for a government-wide security review following a ransomware attack that hit eHealth.
On Sunday, the computer system that stores the confidential medical data of Saskatchewan residents was hit by a ransomware attack.
Jim Hornell, CEO of eHealth Saskatchewan, said patient data is secure. Hornell said the hacker locked the data and said it would only be unlocked if money was paid.
The NDP is asking the government for a "security review of ministry and agency sites and databases to identify and address gaps and weaknesses."
NDP health critic Vicki Mowat called the attack "the predictable result of a longstanding failure to keep up with emerging threats to Saskatchewan people's most sensitive information."
The NDP also called on eHealth to adopt recommendations made in 2007 by the provincial auditor to complete a "disaster recovery plan."
The hack has caused delays for some services, according to the Saskatchewan Health Authority.
A spokesperson for the SHA said on Thursday that, "We are not aware at this time of any major delays that would significantly affect patient care."
The SHA said eHealth needed to "restrict network access for certain programs or facilities to mitigate risk from this attack."
For example, it said the Roy Romanow Provincial Lab and the La Ronge Health Centre have to "rely on manual processes rather than digital or automated ones."
As of Thursday, eHealth's MySaskHealthRecord online database remained temporarily disabled. A notification on the site reads, "New registrations, as well as returning users logging in, will not be able to access the site."
Julianne Jack, executive director of communications for the Ministry of Central Services, said on Wednesday that "any links to eHealth applications or between Saskatchewan.ca and eHealth have been suspended" while servers are restored and repaired.
"IT security is always on alert and work is always ongoing to protect government information, data and systems from the ever-changing threat landscape."
- A previous version of this story said the provincial auditor recommended the province complete a "disaster recovery plan" in 2017. In fact, that recommendation was first made in 2007.Jan 10, 2020 12:30 PM CT
With files from Morgan Modjeski and Geoff Leo