A year has passed since Saskatchewan’s eHealth network was attacked by ransomware, and the provincial privacy commissioner has declared the incident to be one of the region’s largest privacy breaches on record.
The breach occurred on December 20, 2019, when a Saskatchewan Health Authority (SHA) employee opened a document laced with malware on a personal device while the device was being charged via USB cord at their workstation. According to a release from Saskatchewan information and privacy commissioner Ron Kruzeniski, the infected document triggered a Ryuk ransomware attack between December 20, 2019 and January 05, 2020.
Kruzeniski determined that the attack affected some 50 million files – with 5.5 million of those files potentially containing personal information and/or personal health information.
"A minimum 547,145 files containing personal information and/or personal health information of citizens of Saskatchewan were either exposed to the malware or maliciously stolen from eHealth, SHA and [the ministry of] health," a release from the privacy commissioner’s office said.
About 40 GB of encrypted data was found to have been extracted from the network. On January 21, 2020, eHealth discovered that the files were sent to IP addresses in Germany and the Netherlands.
The privacy commissioner concluded that the information in the files was either exposed by the ransomware or stolen, in what he calls one of Saskatchewan’s biggest privacy breaches.
"[The affected groups] have not been able to determine if it's yours, or mine, or someone else's," Kruzeniski told CBC News, adding that the method of cyberattack used was such that it is difficult to determine what kind and how much information the hackers made off with.
Kruzeniski’s investigation also concluded that there were three opportunities where the ransomware could have been detected. He found that eHealth did not give sufficient notification about the malware attack, and that the SHA and Ministry of Health failed in their notification efforts because eHealth did not act in time. The commissioner also noted that the employee who opened the infected file had privacy-related training, but lacked training in the SHA's Acceptable Use of Information Technology Assets policy.
A recent report from cybersecurity company Check Point Software Technologies found that Canada in particular saw a significant increase in cyberattacks against healthcare organizations and hospitals in 2020. The same report also noted that ransomware like Ryuk was the most popular mode of cyberattack against healthcare groups, and that this malware is specifically designed to target hospitals and force them to pay ransom.