While more specific details on the cyber incident that affected Newfoundland and Labrador’s healthcare system remain scant, experts say that the attack must have been quite devastating, based on what little information has been officially disclosed.
A cyberattack was launched on NL’s healthcare system sometime during October 30, 2021; the nature of the attack was not fully disclosed, and the government would not reveal if a ransom had been paid. However, the government did warn that the personal information of all patients who underwent COVID-19 testing in the province was exposed. Notably, the social insurance numbers of more than 2,500 patients (of which 1,025 are still alive) have been compromised.
On Tuesday, Eastern Regional Health Authority president and CEO David Diamond told reporters that the affected systems were being “rebuilt from scratch” based on “backups,” and that about 70% of the systems are operational once more. Diamond added that the information on social insurance numbers was likely collected by the healthcare authority by mistake.
The government remains careful about what it divulges regarding the cyber incident, but the few details publicly disclosed have been analyzed by experts.
When ransomware victims say they have to completely rebuild their systems from scratch, it usually means that they did not receive a decryption key from the hackers, or that the key did not work, commented Brian Honan, a cybersecurity consultant and former special adviser to Europol's Cyber Crime Centre.
Honan also told The Canadian Press that while officials have not indicated that any data was lost, there likely was data loss if the systems are being rebuilt.
“When you restore from your backup, you're restoring from the point of time the backup was done,” he commented. “Any data or any information that would have changed, updated or added since the backup was done would be lost.”
eSentire vice-president of industry security strategy Mark Sangster explained that the decision to rebuild systems from scratch may be a precaution against being given back a hacked network that may already be compromised with back doors, though a very expensive precaution.
“When you rebuild from scratch, I can tell you that's a brave decision to make and one that companies or organizations don't take lightly,” Sangster told The Canadian Press.
Sangster also criticized the provincial healthcare authority’s “mistake” of collecting social insurance numbers, saying the agency is on the hook for collecting the data in the first place.
“Whether or not you need it, whether or not you use it every day, that's just inexcusable.”
Both Honan and Sangster have also questioned the NL government’s decision to keep mum about the attack, with Sangster suggesting that the Conti ransomware gang may be behind the hack.