St. John's cityscape is shown from Southside Hills on Thursday, May 6, 2021. THE CANADIAN PRESS/Paul Daly

Experts worried about extent of damage to N.L. health system following cyberattack

ST. JOHN’S, N.L. — Cybersecurity experts said Tuesday they are worried about the extent of damage to the databanks of Newfoundland and Labrador’s health system following a cyberattack detected on the weekend.

Health Minister John Haggie disclosed Monday the health system’s data centre and its backup were affected by an attack, which led to the cancellation of thousands of medical appointments.

“The data centre has two brains, and both of them have been affected by whatever the system’s failure was,” Haggie said during Monday’s news conference. There’s been no official update since then.

The RCMP on Tuesday announced a criminal investigation involving officers with cyberthreat expertise, and a spokeswoman for the province’s Department of Digital Government cited the police probe in declining to disclose further details about the attack’s impact.

However, David Shipley, CEO of New Brunswick-based Beauceron Security, said in an interview that the loss of data backups described by Haggie is concerning, because the rebuilding process could take weeks or months to complete.

“If (the hackers) got the primary data records and they got the backups, we’re into a world of hurt,” the cybersecurity expert said Tuesday. “They’re going to have to scrub all the equipment, they’re going to have to rebuild everything from scratch … and that can take weeks, if not months.”

The worst scenario would be a loss of patient data needed to treat people, including for complex cancers and other long-term illnesses, he added. “We have to ask if the X-ray images are gone, and are the CT scan images gone.”

The province has declined to release details of the attack, but Shipley says it appears the likeliest explanation is that hackers infiltrated the information technology network and are demanding payment in return for access, which is known as a ransomware attack.

Dalhousie University computer science professor Nur Zincir-Heywood said in an interview Tuesday that ransomware attack programs can sometimes “stay in and eavesdrop for weeks and months,” adding that they can spread into backup data storage.

Zincir-Heywood, a cybersecurity researcher, says it could be a time-consuming task to find the most recent uninfected backup, depending on how Newfoundland and Labrador’s system is set up.

“If you don’t have the backup, you are starting from zero, which means you’ve lost all the data,” she said. “In this case, I’m guessing they’re trying to find out which is the last clean backup … and it’s easier said than done.”

During question period on Tuesday, members of the legislature raised concerns about Labrador residents who are facing delays after flying to St. John’s for medical procedures and tests.

Haggie said arrangements are being made to accommodate the travellers, and he said if there have been added costs, “given the unique nature of this situation, I would be happy to look at that from a sympathetic point of view.”

The chief executive of Eastern Health, the province’s largest health authority, said on Monday that the crash of the system meant diagnostic imaging, registration and other key network services weren’t working, creating “thousands” of cancellations.

Greg Nuna, a patient who travelled Sunday from his home in Sheshatshiu, in Labrador, said in a telephone interview that he was initially told after arriving at the hospital that the IT crash had delayed operations.

However, he said he was relieved when doctors managed to schedule his surgery on Tuesday morning to replace a catheter that had become painful. He had been waiting for weeks to have the operation and was initially alarmed at the prospect it might be further delayed.

“It worries a lot of people right across the island, particularly the elderly and those in distant places that are quite remote,” the 55-year-old said. “The health-care system needs some kind of a backup so that it doesn’t happen again.”

Speaking in the legislature on Tuesday, Haggie said there’s still no clear picture on how large a backlog would be created by the suspected cyberattack, or how long it will take to rebuild and restore services.

Online messages by the province’s eastern and central health authorities said they were continuing to cancel non-emergency procedures for Tuesday and Wednesday, with updates available on Twitter and on their websites.

Other health districts in western Newfoundland and Labrador were also reporting cancellations and postponements, though to a lesser extent than in the eastern region, which includes St. John’s.

This report by The Canadian Press was first published Nov. 2, 2021.

— Story by Michael Tutton in Halifax.

The Canadian Press