Saskatchewan

Sask. NDP asks for government security review following ransomware attack

The Saskatchewan NDP are asking for a government-wide security review following a ransomware attack that hit eHealth.

Computer system that stores confidential medical data of Saskatchewan residents attacked on weekend

The NDP wants the provincial government to review security of its websites and databases following the ransomware attack at eHealth. (saskatchewan.ca)

The Saskatchewan NDP is asking for a government-wide security review following a ransomware attack that hit eHealth.

On Sunday, the computer system that stores the confidential medical data of Saskatchewan residents was hit by a ransomware attack.

Jim Hornell, CEO of eHealth Saskatchewan, said patient data is secure. Hornell said the hacker locked the data and said it would only be unlocked if money was paid.

The NDP is asking the government for a "security review of ministry and agency sites and databases to identify and address gaps and weaknesses."

NDP health critic Vicki Mowat called the attack "the predictable result of a longstanding failure to keep up with emerging threats to Saskatchewan people's most sensitive information."

The NDP also called on eHealth to adopt recommendations made in 2007 by the provincial auditor to complete a "disaster recovery plan."

'Slight delays' 

The hack has caused delays for some services, according to the Saskatchewan Health Authority.

A spokesperson for the SHA said on Thursday that, "We are not aware at this time of any major delays that would significantly affect patient care."

The SHA said eHealth needed to "restrict network access for certain programs or facilities to mitigate risk from this attack."

For example, it said the Roy Romanow Provincial Lab and the La Ronge Health Centre have to "rely on manual processes rather than digital or automated ones."

As of Thursday, eHealth's MySaskHealthRecord online database remained temporarily disabled. A notification on the site reads, "New registrations, as well as returning users logging in, will not be able to access the site."

Julianne Jack, executive director of communications for the Ministry of Central Services, said on Wednesday that "any links to eHealth applications or between Saskatchewan.ca and eHealth have been suspended" while servers are restored and repaired.

"IT security is always on alert and work is always ongoing to protect government information, data and systems from the ever-changing threat landscape." 

Corrections

  • A previous version of this story said the provincial auditor recommended the province complete a "disaster recovery plan" in 2017. In fact, that recommendation was first made in 2007.
    Jan 10, 2020 12:30 PM CT

With files from Morgan Modjeski and Geoff Leo

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.