Cybersecurity expert says N.L. health care cyberattack is worst in Canadian history

Newfoundland and Labrador has been dealing with a cyberattack on its health-care system since Saturday. (Joyseulay/Shutterstock)

One cybersecurity expert says the cyberattack on the Newfoundland and Labrador health-care system may be the worst in Canadian history, and has implications for national security.

David Shipley, the CEO of a cybersecurity firm in Fredericton, said he’s seen similar breaches before, but usually on a smaller scale.

“We’ve never seen a health network takedown this large, ever,” Shipley said in an interview with CBC News. “The severity of this is what really sets it apart.”

First discovered on Saturday morning, the cyberattack has delayed thousands of appointments and procedures this week, including almost all non-emergency appointments in the Eastern Health region.

After refusing to confirm the cause of the disruption for days, Health Minister John Haggie said Wednesday that the system has been victim to a cyberattack.

Sources have told CBC News that the security breach is a ransomware attack, a type of cybercrime where hackers gain control of a system and only hand over the reins once a ransom has been paid.

Shipley said more than 400 hospitals in Canada and the United States have been subject to ransomware attacks since the beginning of the pandemic. He said hackers target hospitals and health-care systems because of the urgent, tangible impact on everyday people.

“It has real impacts on human life and safety, and this is the worst of the worst.”

Shipley said he normally argues against giving in to ransom demands, but the provincial government may have to pay up in this instance since lives are at stake. The government has not confirmed if there has been a ransom demand.

National implications

Shipley called on the federal government to provide the necessary resources to deal with the attack.

“Newfoundlanders and Labradorians should know that we are there for them as a country and we aren’t just going to sit here and let people take punches at our hospitals anymore,” he said. We should be hearing from our prime minister that we’re going to come after the groups behind this.”

Cybersecurity expert David Shipley says if there is a ransom demand, the provincial government may have to pay since patient lives are at stake. (CBC)

Speaking with reporters on Wednesday, Haggie wouldn’t say how the federal government is helping the province.

However, in an email, the Communications Security Establishment, the federal government’s IT security agency, said it’s in communication with N.L. provincial officials.

“We are actively engaged with government and non-government partners, sharing cyber security advice and guidance, mitigation, and operational updates,” said the statement.

The agency said it can’t comment on cyber security incidents.

CSE said there has been an increase in the number of cyber threats since the beginning of the pandemic, including the threat of ransomware attacks on Canadian frontline health-care and medical research facilities.

In a statement on Tuesday, the RCMP said it has opened an investigation into the attack, and has deployed resources from its cybersecurity unit.

Not many details

Although the government has confirmed that the disruptions to the health-care system are due to a cyberattack, officials still won’t say who is behind the attack or what kind of cybercrime it is. 

Haggie said the hackers could be monitoring government statements through the media, and revealing too much information could jeopardize the investigation into the attack and the efforts to restore the system.

Health Minister John Haggie said the government cannot reveal much information about the cyberattack because it could jeopardize the ongoing investigation. (Mark Quinn/CBC)

He said the decision to reveal that a cyberattack is behind the disruptions was based on new advice from experts.

Shipley said he understands the reasoning behind the government’s refusal to give details regarding the crime.

“They have the responsibility to be open and transparent with the public, but this is an ongoing safety and security issue,” he said.

Opposition wants input

During question period on Wednesday, members of the opposition commended the government for finally confirming the cause of the disruptions, but called for greater transparency on its plan to deal with the attack.

Speaking with reporters afterwards, NDP leader Jim Dinn said he’s spoken with Premier Andrew Furey, and the government is going to give the opposition parties daily updates.

NDP leader Jim Dinn, left, and David Brazil, right, are calling for more transparency from the government going forward. (Mark Quinn/CBC)

Furey is currently out of the province, attending the COP26 summit in Scotland.

Dinn called on the premier to cut his trip short and return to the province to help deal with the cyberattack.

“He’s the leader of this province. He signed on for this,” Dinn said. “People need to hear from him directly and to be present while this issue is being tackled.”

Opposition leader David Brazil said PC MHAs are open to collaborating with the government. He said he’s also spoken to Furey, and asked for more openness going forward.

“We understand there may be some delicate pieces of information they can’t share, we understand that and respect that. But we ask that they get out in front of it,” he said.

Read more from CBC Newfoundland and Labrador

Source link