N.L. Health-Care Cyberattack Is Worst In Canadian History

One cybersecurity expert says the cyberattack on the Newfoundland and Labrador health-care system may be the worst in Canadian history, and has implications for national security. CBC News reports: David Shipley, the CEO of a cybersecurity firm in Fredericton, said he's seen similar breaches before, but usually on a smaller scale. "We've never seen a health-network takedown this large, ever," Shipley said in an interview with CBC News. "The severity of this is what really sets it apart." Discovered on Saturday morning, the cyberattack has delayed thousands of appointments and procedures this week, including almost all non-emergency appointments in the Eastern Health region. After refusing to confirm the cause of the disruption for days, Health Minister John Haggie said Wednesday the system has been victim of a cyberattack. Sources have told CBC News the security breach is a ransomware attack, a type of crime in which hackers gain control of a system and hand back the reins only when a ransom has been paid. [...]

Shipley said he normally argues against giving in to ransom demands but the provincial government might have to pay up in this instance since lives are at stake. The government has not confirmed there has been a ransom demand. On Thursday morning, staff at the Health Sciences Centre in St. John's were told the system used to manage patient health and financial information at the hospital is back online. The system -- called Meditech -- only has information from before last weekend, and will need to be updated. It isn't yet clear what the restoration of the system will mean for services at the hospital, or if the system is back online in other parts of the province.

And this why

[RitchCraft]

... you prosecute these ass-hats with attempted murder - "the provincial government might have to pay up in this instance since lives are at stake."

Re:

[Tablizer]

They probably live in shit-hole countries lacking cops who care. Perhaps it's time for the CIA to snipe 'em.

Re:

[Tablizer]

This kind of arrest would probably be taken on by the FBI, not Barney Fife.

Re:

[ArchieBunker]

Good luck getting an Eastern European country to extradite anyone.

Re:

[ELCouz]

No need to extradite when there is plenty of Eastern Europeans happy to do your dirty work for you! :)

So... backups

[RobinH]

I don't know how you can be in IT over the last decade with all the ransomware attacks and not have (a) expected it to hit you and (b) prepared for it by making sure you have really good backups, and as a last line of defense, a reasonably recent backup that's disconnected from the network. We were hit a few years ago... we killed the whole network as soon as we detected it to isolate the PCs, found the infected computer, turned off the infected computer (it was never turned on again, out of spite), made sure the rest of the PCs weren't infected, turned the network back on, then restored the encrypted files on the affected server file shares from backups. Maybe a couple hours lost with the network down, and a couple days of carefully restoring files while making sure not to overwrite any work someone had done in the meantime. There are three key things you must have to be able to survive a ransomware infection: backups, backups, and backups.

Re:

[geekmux]

I don't know how you can be in IT over the last decade with all the ransomware attacks and not have (a) expected it to hit you and (b) prepared for it by making sure you have really good backups...

Uh, they DO have "really good" backups. Online, running damn near in "real time", all the time. That's exactly why ransomware is so effective; because the attackers know this.

There are three key things you must have to be able to survive a ransomware infection: backups, backups, and backups.

Backups, backups, and yes even backups, are ALL fucking worthless if they're ALL online and get encrypted. The actual key here, is OFFLINE backups, which for some inexplicable dumb-ass reason, is very hard for modern IT to grasp, even when standing in the smoldering battlefield of ransomware.

Re:

[RobinH]

What did you think I meant when I said, "and as a last line of defense, a reasonably recent backup that's disconnected from the network"? Oh, perhaps you didn't read my comment?

Backups are not sufficient

[rapjr]

If your entire health network goes down for a month (happened in Vermont) while you are restoring from backup then people will still die and there will still be a strong incentive to pay the ransom. The attackers can also threaten to expose all the data as well, creating another incentive to pay the ransom (and medical data is something people consider very private, they will be upset if their medical history becomes public, especially if their employer sees something in it that results in firing them). T

Re:

[Retired ICS]

The intelligent (of which their are obviously very few) would deem it of note that apparently the so-called ransomware can "encrypt" many terrabytes of data in less than a nanosecond, yet it takes many months to restore. Funny that, wouldn't you say?

Re:

[Retired ICS]

Bell Aliant was the subcontractor responsible for maintaining operational security. Enough said.

Re:

[freeze128]

You only lost a few hours when 1 machine was compromised. That's fine for your business, but suppose that machine was compiling results in a medical lab for a test that was urgent to a patient's health? Or maybe it was a pharmacy computer, and while it's being repaired, people couldn't get their medicine? At that point, it stops being an attack for financial purposes, and becomes murder. This is why severe ransomware attacks can be classified as terrorism, and an appropriate response can be mounted.

Re:

[RobinH]

I don't get what you mean. We're a fairly small company with a couple guys who do IT in our "spare time" and we do a lot of make sure we have backups, and make sure people are using the server to store important documents, etc. We do it specifically for this kind of event. They're a health network! They presumably have an army of IT people with an almost unlimited budget because it's taxpayer funded. What the heck are they doing with mission critical machines susceptible to ransomware attacks not being

No second chance...

[thragnet]

Nuclear strike, What are taxpayers putting down their money for ? You attack hospitals, you die. How hard can this be ? Sure, there's collateral damage. All the more reason to hit these bastards. Oh, and I'm a liberal.

Never pay

[jaa101]

the provincial government might have to pay up in this instance since lives are at stake.

This just increases the likelihood that future attacks will put lives at stake. Whether you’re trying to save lives or to save money, the long-term best strategy remains the same: don’t pay the ransom. Maybe if you could convince yourself that ransomware attacks were coming under control it might be different but right now the opposite seems to be true.

If you want to spend money on this issue, implement some robust backup regime that lets you restore everything, down to everyone’s desktops, in something like 24 hours.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Voyager529]

I've always assumed health care would run on common, open source software because health care is a public good every country has. We have shared needs. Economies of scale. It's not a consumer product. (Only 200 national customers, but billions of users.) Lives are at stake. Security would presumably be better with 100s of 1000s of people working on it.There's an entire world of developing countries. Few countries have privatised healthcare. (I can imagine lots of reasons why everything appears to be made bespoke ($$$) but it seems short sighted and half assed)

Well, that would be nice, except that reality has a propensity to prevent us from being able to have nice things.

The only way this would work is if a government office was responsible for the software development, paid for in tax dollars, distributed accordingly, where the government office also provided technical support and established that businesses who used them weren't liable for errors as a result of a software issue.

Short of that, no medical office is going to trust their patient data to a github re

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[ceoyoyo]

Anything in health care typically requires that you have very good insurance and a building full of documentation (most of it useless). These are things open source is bad at.