Suspected cyberattack in Newfoundland and Labrador’s hits 'brain' of health-care system

A suspected cyberattack on Newfoundland and Labrador’s health network has led to the cancellation of thousands of medical appointments across the province and forced some local health systems to revert to paper.

The "brain" of the network’s data centre, operated by Bell, has been damaged, including the main and backup computer systems, Health Minister John Haggie told reporters Monday. He said the "possible cyberattack by a third party" was first detected Saturday.

"It has taken out the brain of the data centre ... Our main aim here now is to mitigate the effect and maintain some continuity of service for the people of this province," Haggie said.

Newfoundland and Labrador’s Eastern Health region was hardest hit, leading to the cancellation on Monday of all non−emergency medical appointments and procedures. Eastern Health CEO David Diamond said his agency has lost access to everything from basic email to diagnostic images and lab results, adding that non−urgent medical procedures are likely to be cancelled again on Tuesday.

Physicians, he added, have advised him that without X−rays and CT scans being available electronically, it would be safer to delay appointments and procedures for several days. "We can’t handle the same volume in a paper−based system, so it’s safer to reschedule," he said.

The health authorities in western Newfoundland and Labrador hadn’t been hit as hard, while the health authority in central Newfoundland was impacted but less severely than in the eastern region, Haggie said.

Haggie, however, decline to comment about whether the damage was due to what’s known as a ransomware attack — in which hackers demand payment in exchange for restoring access. The minister would only say the investigation is ongoing.

Steve Waterhouse, a former information systems security officer with the Defence Department, said in an interview Monday the damage to Newfoundland and Labrador’s health system bears all the hallmarks of a ransomware attack. Health systems are prime targets for cyberattacks because they are essential services and the public can’t tolerate losing access to medical care for extended periods, he said.

"I believe it is ransomware that got inside of that (computer system) and crippled the operation. ... It’s highly probable it’s ransomware, as this is spreading across the country," Waterhouse said.

The Canadian Centre for Cyber Security — a division of the federal government’s Communications Security Establishment — issued an alert in October 2020 warning of an increasing risk of cyberattacks using ransomware on Canadian health systems.

Evan Koronewski, a spokesman for the federal agency, said in an email, “We assess that cybercriminals will almost certainly continue to jeopardize patient outcomes and wider public health efforts by deploying ransomware for financial gain against a vulnerable health sector, including the COVID−19 vaccine supply chain.”

He added that the Cyber Centre has noticed a rise in cyber threats related to the COVID−19 pandemic, including the threat of ransomware attacks on the country’s front−line health−care and medical research facilities. He said cybercriminals have shifted toward targeting high−value, large−scale enterprises, known as "targeted ransomware" or "big game hunting."

In October 2020, reports indicated Montreal’s Jewish General Hospital had to postpone appointments after a cyberattack forced the local health board to disconnect its servers from the internet. Earlier that year, hackers damaged the computer systems of three Ontario hospitals, using malware known as "Ryuk."

Haggie said it’s too soon to know if his province’s security measures had shortcomings or failed to heed the federal warnings, and he said there will be a post−mortem to examine these issues.

"We’ll find out, but it won’t be tomorrow," he said.