Data breaches in N.L. cyberattack spread, three of four health regions affected

Nov 10, 2021 | 2:29 PM

ST. JOHN’S, N.L. — The Newfoundland and Labrador government revealed Wednesday that more data breaches have been found in the fallout of a cyberattack that has damaged crucial parts of its health-care system.

Health Minister John Haggie told reporters that personal information of patients in the central health authority has been accessed by the hackers behind the attack, and it’s likely employee data was accessed as well. The previous day, the government revealed that personal information of patients and employees in two other health authorities had been breached.

“There’s no indication that any of this information has actually been misused, and obviously we’ll continue to monitor that,” Haggie said in St. John’s. “Our understanding, as of today, is that the information was accessed. Whether it was further altered or taken away or copied, that is not clear.”

The attack was first detected on Oct. 30, and it has forced all four of the province’s health authorities to reduce services. In the capital region, the eastern health authority has suspended some chemotherapy treatments and cancelled all non-urgent X-ray, ultrasound and mammography appointments, among others.

Though the extent of the attack seems to be growing, the provincial government has remained tight-lipped about what exactly is going on. Officials are refusing to divulge the nature of the attack on the health network or whether the hackers are asking for money. They also won’t say how they know data was breached, how long hackers had access to the information or how they’re monitoring for signs of its misuse.

When the first data breaches were revealed Tuesday, Premier Andrew Furey said, “This is a complex file that requires nuanced language and we would love to be able to share and communicate more fulsomely than we have to date.”

That “nuanced language” used Tuesday stood out to David Masson, director of enterprise security with Darktrace, a cybersecurity firm based in the United Kingdom. “They were very specific about saying ‘accessed,’ and then they were also very specific about saying that ‘nothing has been misused,’” he said in an interview. “What that’s saying to me is, they’ve got evidence that shows that somebody’s been into databases, but that’s all they know.”

Masson said he was also struck by Haggie’s comment to reporters Tuesday that the hackers behind the attack are “watching, literally, what we’re doing.”

“They keep emphasizing that they have to be really careful about what they say to us because they’re being monitored,” Masson said. That seems to imply the attack may be ongoing, he added, “and that they’re clearly trying to avoid saying anything about it for fear of … making it worse.”

Echoing several other experts, Masson said the cyberattack on Newfoundland and Labrador’s health system is an issue of national security, and he was surprised Ottawa wasn’t taking a larger public role in the response. “This is really important, it’s really big,” he said.

Meanwhile, Emsisoft, a New Zealand-based cybersecurity firm that helped Ireland with a similar attack on its health-care system last May, tweeted a “reminder” Wednesday that the company is offering free ransomware help to health-care organizations for the duration of the COVID-19 pandemic.

Experts have suggested a ransomware gang known as Conti, which has been linked to the attack on Ireland, is also behind the attack on Newfoundland and Labrador. “If your org needs faster and safer decryption in incidents involving Conti et al, get in touch,” the Emsisoft tweet said. 

This report by The Canadian Press was first published Nov. 10, 2021.

The Canadian Press