The College of Nurses of Ontario (CNO) has announced that it has made “significant progress” in the restoration of its computer systems after a ransomware attack disabled its website, but the regulator would not disclose whether the attack also involved the theft of personal data – with that of about 195,000 nurses and 300 CNO staff potentially at risk.
The attack was discovered a month ago when data pertaining to “human resources” and “human rights matters” appeared to be stolen. The stolen data was displayed on a website along with a countdown timer; the hackers responsible for the cyberattack gave CNO until the timer ran out to pay a ransom, or the rest of the data would be leaked online.
CNO revealed that it did not give in to the hackers’ demands and has recovered from the attack.
“We have made significant progress in restoring our data and systems from our backup files, and we have not paid a ransom,” CNO communications advisor Angela Smith told CBC News in an email statement.
However, CBC News noted that the spokesperson did not say whether the CNO had any update on whether the personal information of its member nurses and employees were also compromised in the cyber incident.
Smith added in her statement that CNO is focused on restoring data from its backup systems, and has regained the ability to process new nursing applications. The organization has also improved its cybersecurity measures following the attack, in order to prevent another one, the spokesperson said. These measures include staff training, new access controls, and enhanced network security features.