Thousands of medical appointments have been cancelled in Newfoundland and Labrador and authorities are blaming the disruption on unknown hackers who have knocked out one of the province’s most crucial information-technology systems.
The suspected cyberattack compromised the data systems the province’s doctors and technicians use to exchange medical records such as X-rays and CT scans. Police are investigating, and no one knows when medical appointments will resume.
“We know only what we know: We have a possible cyberattack that has taken out the ‘brain’ of the data centre,” said Health Minister John Haggie, a medical doctor. He told reporters on Monday that people will just have to wait while government officials struggle to restore the systems that were hit on the weekend.
“Our main aim here, between the department and authorities, is to mitigate the effect and maintain some continuity of service for the people who need treatment for which they cannot wait.”
The Health Minister declined to comment on whether a ransomware attack is suspected.
The effects of the cyberattack were uneven across the province, but the computer systems in St. John’s and surrounding areas are among the hardest hit. Experts say hospitals and health care providers around the world face similar strikes, which are often attributed to sophisticated hacking groups out to cash in on the medical urgency wrought by the COVID-19 crisis.
“Attackers are looking for maximum leverage, so they’re attacking health care systems in the middle of a pandemic,” said Charles Finlay, the executive director of Ryerson University’s Rogers Cybersecure Catalyst centre in Toronto. “They understand that government and their populations cannot tolerate a health care system being non-functional for very long.
“I think it’s another alarm bell,” he said. “Quite frankly, the alarm bell is ringing all the time now.”
Hackers are increasingly gravitating to ransomware attacks, which do not necessarily steal or destroy data. The goal is to encrypt an organization’s data holdings and keep the records scrambled until they are unlocked with a code.
The hacking groups demand payment in untraceable cryptocurrency transactions before they will unlock the data.
“The RCMP has initiated a criminal investigation that will draw upon specialized units within the RCMP with expertise in cyber threats,” police spokeswoman Glenda Power said.
Newfoundland and Labrador said the province’s Eastern Health region was hardest hit, leading to the cancellation on Monday of all non-emergency medical appointments and procedures. Eastern Health chief executive officer David Diamond said his agency has lost access to everything from basic e-mail to diagnostic images and lab results, adding that non-urgent medical procedures are likely to be cancelled again on Tuesday.
Physicians, he added, have told him that without X-rays and CT scans being available electronically, it is preferable to delay appointments and procedures. “We can’t handle the same volume in a paper-based system, so it’s safer to reschedule,” he said.
Mr. Haggie told reporters on Monday that the attack should not affect the province’s most critical patients. “We have the ability to dispatch ambulances. We have emergency centres that are open and staffed.
“It’s a lot of the networking function that’s been lost as a consequence of this failure,” he said. “The backups at local levels exist.”
The province’s health data centre is run by a private corporation, Bell Aliant. “It’s not clear that they can provide an accurate timeline just at the moment,” Mr. Haggie said on the issue of when information technology operations will resume fully. “They are hoping for days. But we just have to bear in mind that that’s a hope.”
Reports of ransomware attacks against individual hospitals have previously surfaced in Ontario and Quebec. Experts say health care is an enticing target for hackers because organizations have big budgets, but don’t spend much on securing their data.
“We traditionally operate on a shoestring budget in terms of our cybersecurity spend,” said Lee Kim, director of privacy and security at the Healthcare Information and Management Systems Society.
She said the sector has many highly integrated computer networks with only cursory external protections. “Health care organizations tend to be like Tootsie Rolls,” she said. “It’s kind of seemingly a bit of an outer layer – but once you get inside, it’s fairly soft.”
Recent polling has shown that most Canadian organizations affected by ransomware attacks will pay hackers to restore their data, said Robert Gordon, strategic adviser to the Canadian Cyber Threat Exchange. “Once they sort things out in the health care system in Newfoundland – what are the lessons learned – the rest of us can be better prepared.”
With a report from The Canadian Press
Our Morning Update and Evening Update newsletters are written by Globe editors, giving you a concise summary of the day’s most important headlines. Sign up today.
Colin Freeze