For many months now, the residents of Newfoundland and Labrador have had to put up with canceled or delayed medical procedures and appointments. For a long time — like people in the rest of Canada, and around the world — their predicament was due to the pandemic.
But lately, the trouble has come from a new source — a catastrophic cyberattack. The system ground to a halt on Oct. 30. On Friday, the province’s four health authorities were predicting that treatment delays and disruptions would begin easing on Monday, although they would persist in some emergency departments and not all elective surgeries and chemotherapy treatments would return to normal.
And this week, the province revealed that the attack was worse than previously reported. On Friday, John Hogan, the provincial justice minister, said that employee information at three local health authorities had been stolen. Two days earlier, officials said that personal information of patients and health care workers, some of it health-related, had been “accessed” during the attack.
It was, in short, a cyberattack that theoretically affected everyone in the province.
But good luck finding out what happened or what’s going on to remedy it. The government of Premier Andrew Furey, who is also an orthopedic surgeon, won’t even describe the variety of the cyberattack.
“Our advice from world-class experts is to say nothing,” John Haggie, Newfoundland’s health minister, told a news conference on Wednesday. Nor will the government reveal who those experts are that the province brought in to solve its problem.
The Canadian Broadcasting Corporation, without revealing its source, reported that the shutdown was the latest in a string of ransomware attacks that have hit other health-related institutions, corporations and governments during the pandemic. Such attacks developed about a decade or so ago. The attacks, which appear to often come out of Russia, simply involve seizing control of data on vulnerable computer systems, encrypting it and then threatening to destroy it unless a ransom is paid, usually in bitcoin.
Three hospitals in Ontario were victims of such attacks in October 2019. They have disrupted individuals’ personal computers, and early this year they created diesel and jet fuel shortages in the United States after a pipeline company fell victim to hackers.
I spoke with Nicolas Papernot, an assistant professor of computer science and computer engineering at the University of Toronto. While he is an internationally known expert on cybersecurity and privacy, he’s not among Newfoundland’s advisers and has no inside knowledge of its situation.
“I don’t know why they don’t give more information,” he said. “But they should at least give a warning to people who are potentially affected, even if they are conservative in how they estimate whether a person was or was not impacted by the leakage of information.”
The computer networks of provincial and regional health care systems in Canada are particularly susceptible to hackers because they generally contain large numbers of outdated “legacy” software systems, Professor Papernot said.
“Those tend to carry vulnerabilities that have been patched in newer systems but that can still be exploited because these systems are too old to be …….