Hackers target Newfoundland’s health system

For many months now, Newfoundland and Labrador residents have had to come to terms with canceled or delayed medical procedures and appointments. For a long time – like people in the rest of Canada and around the world – their predicament was due to the pandemic.

But lately, the problems have come from a new source – a catastrophic cyber attack. The system came to a standstill on 30 October. On Friday, the province’s four health authorities predicted that treatment delays and interruptions would begin to ease on Monday, though they would continue in some emergency departments and not all elective surgeries and chemotherapy treatments would return to normal.

And this week, the province revealed that the attack was worse than previously reported. On Friday, John Hogan, the county’s justice minister, said staff information at three local health authorities had been stolen. Two days earlier, officials said personal information about patients and healthcare professionals, some of them healthcare-related, had been “accessed” during the attack.

In short, it was a cyber attack that theoretically affected everyone in the province.

But good luck finding out what happened or what is happening to remedy it. The government of Prime Minister Andrew Furey, who is also an orthopedic surgeon, will not even describe the diversity of the cyber attack.

“Our advice from world-class experts is not to say anything,” John Haggie, Newfoundland’s health minister, said at a news conference on Wednesday. Nor will the government reveal who the experts the province has recruited to solve its problem are.

The Canadian Broadcasting Corporation reported without revealing its source that the shutdown was the latest in a series of ransomware attacks that have hit other health-related institutions, businesses and governments during the pandemic. Such attacks evolved about a decade or so ago. The attacks, which often appear to come out of Russia, simply involve seizing data on vulnerable computer systems, encrypting them and then threatening to destroy them unless ransom is paid, usually in bitcoin.

Three hospitals in Ontario were victims of such attacks in October 2019. They have disrupted individuals’ personal computers, and earlier this year they created a shortage of diesel and jet fuel in the United States after a pipeline company fell victim to hackers.

I spoke with Nicolas Papernot, an assistant professor of computer science and computer science at the University of Toronto. Although he is an internationally known expert in cybersecurity and privacy, he is not among Newfoundland’s advisers and has no inside knowledge of its situation.

“I do not know why they do not provide more information,” he said. “But they should at least give a warning to people who are potentially affected, even if they are conservative in how they assess whether or not a person was affected by the leak of information.”

The computer networks of provincial and regional health systems in Canada are particularly susceptible to hackers because they generally contain a large number of outdated “legacy” software systems, Professor Papernot said.

“They tend to carry vulnerabilities that have been fixed in newer systems but that can still be exploited because these systems are too old to be maintained with current security standards,” he said.

Reinforced the threat has been the mass relocation to work from home, he added. Many governments and companies have not yet addressed the security threats posed by remote access and have failed to introduce additional security measures, such as two-factor identification, or training of employees in detecting malicious email.

Newfoundland’s clutter seems to be the biggest disruption any health care system has seen in Canada. But other governments have not been immune to major cyber attacks. Ten years ago, workers in the Federal Government’s Treasury Department and its Finance Council were without Internet access for several months after a cyber attack.

That same year, the Communications Security Establishment, the top-secret eavesdropping service, was pulled out of the military and made into a separate agency. It currently operates the Canadian Center for Cyber ​​Security, which among other things looks for threats against governments and companies in Canada and offers security advice.

In an email, Ryan Foreman, a spokesman for the agency, said it “has noted an increase in cyber threats related to the Covid-19 pandemic, including threats to the country’s frontline health care and medical research facilities,” and that it has worked closely together with security officials in health systems.

The Cybersecurity Agency confirmed that it provides Newfoundland with digital investigation services, data recovery and general guidance. The Royal Canadian Mounted Police, it said, are also investigating the attack.

But what is really going on there? “We are unable to comment further on the nature of our assistance with the province due to operational security reasons,” the spokesman wrote.


  • The land border between Canada and the United States reopened this week, and Canada’s snowbirds flocked across it. However, Canada’s Covid test requirements have dampened enthusiasm for day trips. Separately this week, Health Canada gave the green light for booster shots of the Pfizer-BioNTech vaccine and extended eligibility to anyone over 18 years of age.

  • Tracey Deer was only 12 years old in 1990 when she crouched in a car while being evacuated from Kanesatake First Nation when a white mob threw stones and racial insults. Ms. Deer, a film director who is Mohawk, discussed with Laurel Graeber how she turned a fictional version of her experience of Oka Crisis into “Beans,” her first narrative feature, which was named Best Picture at the Canadian Screen Awards this year and has collected more than 20 awards at the film festival circuit.

  • Skyler Williams, an ironworker from the Six Nations of the Grand River in Ontario who helped organize last weekend’s climate protest in Toronto, has some time for the UN Global Climate Summit, which went into overtime on Friday in Glasgow: “I think We’re wasting time, money, resources, flying all these leaders to all these climatic, environmental things. “

  • A hand signal developed in Canada led to the rescue of a girl who was reported missing in North Carolina.


Ian Austen, who lives in Windsor, Ontario, was educated in Toronto, lives in Ottawa and has reported on Canada for The New York Times for the past 16 years. Follow him on Twitter at @ianrausten.


How are we?
We’re eager to have your thoughts on this newsletter and events in Canada in general. Please send them to nytcanada@nytimes.com.

Do you like this email?
Forward it to your friends and let them know they can sign up here.

Leave a Comment

Advertise