Skip to main content

'It's going to get worse': Maritime experts warn of increasing cybersecurity threats

Share
HALIFAX -

It's been a cyber-nightmare for Newfoundland and Labrador as the provincial government scrambles to recover from a cyberattack.

The attack affected critical digital health systems, forcing the province to halt thousands of non-emergency procedures and appointments this week. Its largest health authority had to revert to pen and paper for record-keeping.

"This has all the hallmarks of organized crime," says digital anthropologist Giles Crouch.

While Newfoundland and Labrador's health minister won't say if the attack was ransomware, Crouch says if ransom wasn't demanded now, it might be later.

"The criminal organization may have downloaded all that health data and they could still hold that hostage to try to get the ransom money," he says.

Those in the field of cybersecurity say health care is particularly vulnerable, with so much sensitive patient information and crucial systems.

Attacks have increased during the pandemic when attention is focused elsewhere.

"Critical infrastructures, health systems, they become even bigger targets, because they are dealing with all the other issues," says Dalhousie University computer science professor Nur Zincir-Heywood.

"Call me pessimistic, but stopping any attack, including ransomware, is unrealistic," says Zincir-Heywood.

"Coming up with recovery plans," is what she says needs to happen. "Knowing that some attack can happen, how can we actually recover from these quickly? What are the policies we have or systems that we set up for backup?"

"These are all 'hygienes' of cybersecurity," she says.

But whether the province of Nova Scotia is taking extra precautions -- the minister in charge won't say -- because hackers might be listening.

When asked what types of measures the province takes to prevent cyberattacks, or how much it spends on cybersecurity, Colton LeBlanc also wouldn't discuss.

But, he said, government would let the public know, if a cyberattack happens.

"We're continuing to do what we have been doing because cybersecurity is important in this day and age," says LeBlanc.

Details of the province's cybersecurity measures are even a secret from Nova Scotia's own information and privacy commissioner.

Thursday, the Information and Privacy Commissioner for Nova Scotia, Tricia Ralph, told CTV News in a statement that cybersecurity is always a concern, adding: "... government is not obligated to inform me of what safeguards it has in place to detect or prevent cyberattacks, nor is it obligated to inform me of any cyberattacks it may have experienced. "

Ralph also writes: "These are gaps in the legislation that should be amended." 

In New Brunswick, it took the City of Saint John months to reveal the extent of its November 2020 ransomware attack, when thieves tried unsuccessfully to extort $17-million in Bitcoin.

Fredericton-based cybersecurity expert Chris Johnston, the CEO of global cybersecurity firm Bulletproof, says organizations are often vulnerable because cybercrime evolves faster than they can adapt.

"Those that are underinvesting in security are quite often the ones that you see having the problems," says Johnston.

He says IT departments in many sectors often find themselves trying to keep up with hackers operating 24/7 and year-round.

"We have to assume breach," says Johnston. "Security has to be thought of differently, it has to be staffed or dealt with differently. The reality is we as organizations have to continue to evaluate the risk and be honest about the new investments that are required."

Experts say the next cyberattack is only a matter of time.

"It's going to get worse before it gets better," says Crouch.

CTVNews.ca Top Stories

Stay Connected