'Foreseeable' cyberattack on N.L. health network hit majority of province: report
A woman uses her computer keyboard to type while surfing the internet in North Vancouver, B.C., on December, 19, 2012. (THE CANADIAN PRESS/Jonathan Hayward)
ST. JOHN'S, N.L. -
The ransomware attack that hit Newfoundland and Labrador's health-care IT systems in 2021 was "almost an inevitability" and resulted in the theft of personal data from the "vast majority" of the province's population, says a report released Wednesday.
The security of the province's health information system was lacking in several important areas, and officials knew about the weaknesses but did not take appropriate action to fix them, said the 115-page report from the office of the province's information and privacy commissioner.
"We understand that sometimes mistakes happen and accidents happen … in our estimation, that is not what happened here," Sean Murray, who led the investigation, told reporters. "It was pretty clear that we did not have in this province appropriate cybersecurity measures in place in our health-care system prior to the cyberattack. And that was the major contributor to the cause of the cyberattack."
Moreover, health officials broke provincial privacy laws by not disclosing key information within a reasonable time frame about the nature of the attack and whether information had been stolen, Murray said. They also broke privacy laws by not sufficiently protecting the information in the first place, he added.
Widespread IT outages hit the province's health-care system beginning Oct. 30, 2021, forcing doctors and nurses in a major St. John's hospital to resort to pen and paper to keep track of patients. Thousands of appointments were cancelled, including cancer care, as officials scrambled to figure out what happened and get systems up and running.
The government has been tight-lipped about what happened, and it didn't reveal until March that the attack involved ransomware -- a type of malicious software used by hackers to encrypt or steal data until victims pay a ransom.
The Hive ransomware was behind the hit, Justice Minister John Hogan said at the time, adding that he could disclose the culprit because the group had been dismantled in January by the FBI and no longer posed a threat. Until then, officials had said that disclosing the nature of the attack would have compromised security.
The report said the delay in that disclosure was "concerning" and the rationale given by authorities to justify it was insufficient.
Hogan has also said that the hackers broke into the IT system of the Newfoundland and Labrador Centre for Health Information through a virtual private network that they had accessed with stolen login information. The report says an email phishing scam is most likely to blame.
The report says the hackers triggered alerts within the computer systems before they deployed their attack, which were not properly investigated. A proper investigation may have stopped the attack, or lessened its impacts, Murray wrote. His report also outlines several instances where officials had information about security vulnerabilities or were warned about the increasing risk of cyberattacks -- particularly of ransomware attacks -- against health-care systems.
Last December, provincial health officials said a review of a network drive accessed by the hackers showed that more than 58,000 people in the province had their data breached.
But Tuesday's report says the perpetrators also stole personal and health information from data repositories belonging to three of the province's four health authorities. Though the exact number of victims is unknown, the report says the information stolen includes at least nine years of data from each authority as well as information belonging to everyone in the province who had a COVID-19 test before 2021.
"The total number of privacy breaches caused by the cyberattack is unknown but it is likely to be in the hundreds of thousands," Murray wrote. "In other words, it is likely that the vast majority of the population of the province had some amount of personal information or personal health information taken by the cyberattackers."
Ultimately, the perpetrators managed to steal more than 200 gigabytes of data, the report says.
Problems aside, the report also notes that the province's response to the attack was "by and large carried out well." It also says "an impressive amount of work" has been done to implement proper cybersecurity measures to avoid a future attack.
The provincial Justice Department issued a statement Wednesday after Murray's news conference to say it was reviewing the report's 34 findings and six recommendations.
"This was a complex cybersecurity incident, but we are confident that reasonable security steps have already been taken -- and are being taken -- to mitigate the risk of a potential future incident," Hogan said in the release.
This report by The Canadian Press was first published May 24, 2023.
CTVNews.ca Top Stories
Special rapporteur Johnston rejects call to 'step aside' after majority of MPs vote for him to resign
Prime Minister Justin Trudeau's efforts to assure Canadians that his government is adequately addressing the threat of foreign interference took a hit on Wednesday, when the majority of MPs in the House of Commons voted for special rapporteur David Johnston to 'step aside,' a call Johnston quickly rejected.
'I heard a cracking noise': 16 children, 1 adult injured in platform collapse at Winnipeg's Fort Gibraltar
Seventeen people – most of whom are young students – were hospitalized after a falling from a height during a field trip at Winnipeg's Fort Gibraltar. However, many of the children are now being discharged and sent home, according to an update from the hospital.
Engaged couple shot dead days before moving out of house near Hamilton
An engaged couple was shot dead while fleeing their landlord near Hamilton just days before they were scheduled to move out of their apartment.
Federal Court of Appeal: Canada not constitutionally obligated to bring home suspected ISIS fighters
The Government of Canada has won its appeal and will not be legally forced to repatriate four Canadian men from prisons in Northeast Syria.
Canadian consumer debt hits all-time high, reaching $2.32 trillion in Q1 2023: TransUnion
Amid interest rate hikes and high inflation, more Canadians are turning to credit for relief, with consumer debt hitting a new record in the first quarter of 2023.
Canada closing in on deal to get Stellantis battery plant back on track: Champagne
A deal to save a $5-billion electric vehicle battery plant in Windsor is inching closer, Industry Minister Francois-Philippe Champagne said Wednesday.
Health Canada recalls Arora Cookwares clay cooking pot with lid over burn hazards
Arora cookwares clay cooking pots were recalled by the federal health agency over burn and injury risks.
House moving to midnight sittings as Liberals blame Conservatives for stalling agenda
It's that time of year again where MPs will be sitting until midnight until the House rises in late June, as the federal government pushes to pass as many bills as it can before the summer legislative hiatus. On Wednesday, Government House Leader Mark Holland announced that the Commons will be working late 'every single night … from here until the finish.'
Medication shortage in Canada led to increased dosing errors in children, new study shows
A new study has found that dosing errors in children increased during the Canada-wide shortage of paediatric fever and pain medication last year.
Toronto
-
Engaged couple shot dead days before moving out of house near Hamilton
An engaged couple was shot dead while fleeing their landlord near Hamilton just days before they were scheduled to move out of their apartment.
-
Girl, 14, charged in connection with firework being set off inside TTC bus
A 14-year-old girl has been charged in connection with a firework being set off inside a TTC bus in Scarborough on Tuesday that was captured on video and went viral online.
-
Candidates take aim at front-runner Chow on taxes in wide-ranging debate
Olivia Chow once again took most of the firepower as the six leading candidates in Toronto’s race to become mayor squared off in a wide-ranging debate hosted by United Way Greater Toronto, The Toronto Star and Toronto Metropolitan University.
Calgary
-
'An obscene amount': Anger grows over residential parking fees
Calgarians facing a massive increase in cost just to park in their own neighbourhoods are voicing their concerns.
-
Premier Danielle Smith tasked with choosing new cabinet after losing several senior MLAs
Danielle Smith is now facing her first big test as Alberta's returning premier — picking a new cabinet after losing several senior MLAs.
-
Calgary council considers bylaw changes to discourage catalytic converter theft
The City of Calgary is considering changes to its business licence bylaw in the effort to reduce catalytic converter theft.
Montreal
-
BREAKING
BREAKING | ‘Imminent threat’: Quebec police warn of armed suspect in Stoke
Quebec provincial police (SQ) is warning the public about an armed suspect posing an “imminent threat” in Stoke in the Estrie region.
-
'It doesn't feel human': Six Quebecers file legal challenge against Bill 96
One year less a day after Quebec's Bill 96 came into force, a new legal challenge was filed Wednesday at the Montreal courthouse on behalf of six people.
-
HEAT WAVE
HEAT WAVE | Here's how you can identify heat stroke and prevent serious symptoms
Some communities in Quebec are expected to get record-high temperatures and Environment Canada has issued several weather warnings and watches for heat. Dr. Christopher Labos spoke to CTV News anchor Mutsumi Takahashi about heat and sunstroke and tips for preventing serious consequences in the sun.
Edmonton
-
Smith urged to work with elected Edmontonians after promising 'council' of defeated UCP candidates
Alberta's re-elected premier says she plans to form a "council" of UCP candidates who lost in Monday's election to advise her on Edmonton issues, something her opponent made fun of Wednesday.
-
'It was panic, chaos': Hundreds of northern Alberta residents flee growing wildfire
The wildfire, believed to have been caused by lightning, grew from 300 hectares on Sunday to 8,600 by Wednesday afternoon.
-
Landspout spotted near Stettler, Alberta
A landspout touched down near Stettler on Wednesday afternoon.
Northern Ontario
-
3 girls now charged in assault, kidnapping investigation in Huntsville
Huntsville OPP has charged a third girl in connection to an alleged assault captured on video at a local high school and shared on social media earlier this month.
-
Northern Ont. town on the brink of evacuation as out-of-control wildfire grows
Forest fires in northern Ontario are on the rise, with the largest in the region shutting down a critical highway for the people of Hornepayne for a bit and bringing the community to the brink of evacuation.
-
'Mortifying': Toronto woman says restaurant shamed her for ordering too much food
A Toronto woman says she was shamed for the size of her order at a sushi restaurant north of the city in a scathing review posted to social media that’s been viewed more than 1.4 million times.
London
-
Lewis and Cuddy call for moratorium on 'renovictions' as pressure mounts on tenants of Webster Street apartments
The plight of tenants at the Webster Street apartments in northeast London, Ont. has reached the attention of Ontario’s Ministry of Municipal Affairs and Housing.
-
Minivan careens through entrance of florist shop in west London, Ont.
No injuries were reported after a minivan careened through the front entrance of a florist shop in the west end of the city early Wednesday afternoon.
-
One person transported to hospital after farm incident near Exeter, Ont.
One person was hurt following an incident on a farm north of Exeter on Wednesday afternoon.
Winnipeg
-
'I heard a cracking noise': 16 children, 1 adult injured in platform collapse at Winnipeg's Fort Gibraltar
Seventeen people – most of whom are young students – were hospitalized after a falling from a height during a field trip at Winnipeg's Fort Gibraltar. However, many of the children are now being discharged and sent home, according to an update from the hospital.
-
'Not about promoting one party over another': Winnipeg by-election to have most candidates in Canadian history
The upcoming Winnipeg South Centre by-election will have the largest number of candidates in Canadian election history, as part of an effort to point out the flaws in our electoral system.
-
Sioux Valley Dakota Nation man killed in hit-and-run: RCMP
RCMP in Virden are investigating a fatal hit-and-run incident Tuesday morning.
Ottawa
-
Ottawa man facing charges in double homicide of Mississauga teens in Pembroke, Ont.
Ontario Provincial Police have arrested a 21-year-old man from Ottawa in connection with the shooting deaths of two teens from Mississauga in Pembroke, Ont. A third teenager, also from Mississauga, was injured.
-
Crown seeks significant sentence for OPP officer convicted of sexual assault
At a sentencing hearing in Brockville Wednesday, the Crown argued an 'exemplary sentence' was warranted for the OPP officer convicted of sexually assaulting an unconscious woman and videotaping it.
-
Special rapporteur Johnston rejects call to 'step aside' after majority of MPs vote for him to resign
Prime Minister Justin Trudeau's efforts to assure Canadians that his government is adequately addressing the threat of foreign interference took a hit on Wednesday, when the majority of MPs in the House of Commons voted for special rapporteur David Johnston to 'step aside,' a call Johnston quickly rejected.
Saskatoon
-
Warman RCMP debunk abduction report, say no child luring occurred
According to RCMP, there was no attempt to lure a child in Warman Monday afternoon.
-
Saskatoon city councillor calls for safety audit at site where cyclist died
City councillor Cynthia Block is calling for a road safety audit at the site of a fatal crash on College Drive last week.
-
Interim chief named in Prince Albert in wake of police scandal
Saskatoon Police Service superintendent Patrick Nogier was appointed as interim chief of police for Prince Albert Police Service, according to the city’s police board.
Vancouver
-
Emergency Operations Centre activated at Surrey Memorial Hospital
In response to a barrage of questions about Surrey’s beleaguered hospital, B.C.’s minister of health told reporters that an Emergency Operations Centre was activated at the site on Wednesday afternoon.
-
Vancouver cupcake thief apologizes, offers to pay for damages from bizarre bakery break-in
The man who broke into a Dunbar bakery by kicking in a glass door Friday morning has apologized to the owner and offered to pay for damages.
-
Regina
-
'A step backward': City opens survey for public feedback on future of Scarth Street pedestrian mall
The City of Regina has opened a survey for the public to provide their feedback on the future of the Scarth Street mall.
-
Woman hit from behind by truck in Regina, police asking for help in finding driver
The Regina Police Service (RPS) is asking for help in finding a driver who hit a woman with a truck from behind on Monday.
-
Plans underway for memorial statue to honour Regina Rifles
Plans are being made for a memorial in France to honour members of the Royal Regina Rifles.
Vancouver Island
-
Wildfire near Sayward, B.C., continues to burn out of control with 60 firefighters, 4 helicopters on scene
The northern Vancouver Island village of Sayward remains on edge Wednesday as a wildfire continues to burn out of control just five kilometres west of the community.
-
Alberta woman gets Ferrari impounded after speeding on Malahat
The RCMP's B.C. Highway Patrol says an Alberta woman was ticketed and had her Ferrari impounded after speeding on the Malahat highway earlier this month.
-
Victoria mortgage broker facing multiple lawsuits has licence suspended
An embattled mortgage broker from Victoria has had his licence to practice in B.C. suspended by the BC Financial Services Authority (BCFSA).