Twenty-four Northeastern Ontario hospitals were victims of the latest cyber attack with the use of zero-day exploits. Zero-day exploits are unknown security bugs in software that are actively exploited by hackers in order to gain control, launch malware or open other vulnerabilities in the target system. The attack estimated to have occurred last January 16, 2018, around 8 am.
“At Health Sciences North, about 75 percent of the systems are impacted by the downtime. HSN is working to begin restoring critical systems by (today) and planning to reschedule canceled chemotherapy and radiation treatments this weekend. We have no evidence to suggest that the privacy of patient information has been breached,” explained by the hospital’s press release.
The hospitals’ leaders had no other recourse but to shut down all systems that may have been affected by the cyber attack. This includes the patients’ record system, Meditech, resulting for the hospitals to continue operating with a manual recording of patients progress. The medical record system that tracks therapy sessions for cancer patients was also shut down as part of the mechanism in containing the problem.
“All 24 hospitals in the region rely on our information technology platform or systems, one way or the other. Because all hospitals in the region rely on our platform, once it reached HSN we took all the preventive measures to avoid contamination. Those preventive measures were successful. It is really one system, our cancer program system, where the virus did infect the system. But we had good backup data, so we will be able to restore information. So we’re confident that by Friday, we will begin restoring our most major systems for Health Sciences North,” emphasized Dominic Giroux, CEO of Health Sciences North.
With the zero-day attack against the Health Sciences North and its related hospitals, even the police officers are on alert. The police department is even doubting their readiness for such an attack if it occurs on their premises.
“I think you raise a really good point about the security of information technology, and it’s something we take very seriously. We do have firewalls and go through security audits regularly. Their sole and exclusive job is to try to get in through our firewalls. They poke holes and see if they can get in. So we have a very strong commitment to that. So when you hear of systems crashing, we could have a crash, but our data is all locked up. We have comprehensive electronic records of everything. technology is changing at such a fast pace. So staying ahead and always ensuring that we can maintain that security is, again, why we bring in experts to test the security piece for us,” said Sharon Baiden, police representative.
The police force is mulling on increasing spending for the organization’s cybersecurity defense, but what they lack are manpower and know-how. “To a certain extent, we’ve got significant in-house capacity, we have a fantastic IT department, but there are existing skill sets that we would want to use for a short period of time in our organization, whether it’s a consultant or an expert, and this is one of those examples. And it’s a cost saver rather than keeping on-board salary,” said Paul Pedersen of the police force.