Saskatoon gynecology clinic hit with ransomware attack: report
A ransomware attack on a Saskatoon obstetrics and gynecology clinic left the personal health information of up to 20,000 patients in the hands of malicious hackers, according to the province's privacy watchdog.
In a report issued in September, Privacy Commissioner Ronald Kruzeniski said the attack targeting Saskatoon Obstetric and Gynecologic Consultants resulted from a staff member opening a malicious email attachment at their workstation in late December 2020.
On Christmas Eve, staff were alerted by external IT providers they were locked out of their systems, with hackers demanding payment to unlock the data, says Kruzeniski.
The clinic proceeded to shut down its local network and internet connectivity, then hired outside consultants the Security Resource Group to investigate the issue. A lawyer hired by the clinic proactively disclosed the breach to the privacy commissioner.
By early January 2021 the security firm had reached a settlement with the hackers, with the clinic paying for the decryption software to unlock their system.
The security consultants then monitored the dark web for indications the health data was released anyway. Nothing turned up as of the publication of the report, according to Kruzeniski.
In a statement to CTV News Saskatoon, the clinic said it considers the risk to patients low given the steps taken to mitigate the risk.
“Saskatoon Obstetric and Gynecologic Consultants takes the privacy of its patients and this incident very seriously. As soon as [the clinic] … became aware of the incident, it took immediate and comprehensive steps including engaging cybersecurity experts to investigate and contain the incident.”
There is no evidence that any patient information has been misused as a result of the incident, the statement says.
Kruzeniski found that although the clinic was proactive in reporting the breach to his office and the Saskatoon police, it has not been able to contain the breach or provide sufficient notice to the affected patients, nor was it able to fully investigate the ransomware attack.
With no guarantee the attackers did not keep copies of the data, Kruzeniski recommends the clinic continue monitoring the dark web for five years for any sign of its patients’ data.
In his report, the privacy commissioner describes the dark web.
“The dark web is well known due to media reporting on illicit activity that occurs there. Malicious actors use the dark web to communicate about, sell, and / or distribute illegal content or items such as drugs, illegal weapons, malware and stolen data,” Kruzeniski says.
“However, just like the surface web, there are several legitimate activities on the dark web as well, including accessing information, sharing information, protecting one’s identity and communicating with others.”
RANSOMWARE MORE COMMON, SAYS TECH EXPERT
There are a few things that can be done to mitigate the risk of a ransomware attack, says Chad Jones, a former Apple engineer and current owner of Push Interactions in Saskatoon.
“You have to look at this criminal enterprise as a business. If there’s not a good return on investment for them to attack your system, they’ll move on to a system that’s more vulnerable.”
Even in the banking industry, they realise that if someone wants in, and they have enough time and resources, they’ll probably find a way, he says.
“Fortunately most of these thieves only have limited resources.”
In the ransomware world, payments are generally made in cryptocurrency, said Jones. It’s not uncommon to see ransoms higher than $50,000 paid out to these criminal groups.
There does at least seem to be some honour among thieves in this industry, he says.
“The one good thing that I can say about these ransomware attackers: they’re pretty good at getting you back up and running.”
CTVNews.ca Top Stories
Feds 'not interested' in investing in LNG facilities: energy minister
Energy and Natural Resources Minister Jonathan Wilkinson says the federal government is 'not interested' in subsidizing future liquefied natural gas (LNG) projects, including the electrification of projects currently in the works.
Chants of 'shame on you' greet guests arriving for the annual White House correspondents' dinner
An election-year roast of U.S. President Joe Biden before journalists, celebrities and politicians at the annual White House correspondents' dinner Saturday.
Aerial photos show wide devastation left by tornado in China's Guangzhou
Aerial photos posted by Chinese state media on Sunday showed the wide devastation of a part of the southern city of Guangzhou after a tornado swept through the day before, killing five people, injuring dozens others and damaging over a hundred buildings.
Global measles cases nearly doubled in one year, researchers say
The number of measles cases around the world nearly doubled from 2022 to 2023, researchers say, presenting a challenge to efforts to achieve and maintain elimination status in many countries.
Fair share: the right office solution can take finding the right partner
The rise of remote and hybrid work has made it harder to justify a full office, so more are leaning on co-working spaces that they share with many others for convenience and cost savings. The choice, however, comes at the expense of privacy and control.
A top Qatari official urges Israel and Hamas to do more to reach a ceasefire deal
A senior Qatari official has urged both Israel and Hamas to show "more commitment and more seriousness" in ceasefire negotiations in interviews with Israeli media, as pressure builds on both sides to move toward a deal that would set Israeli hostages free and bring potential respite in the nearly seven-month-long war in Gaza.
What Trudeau's podcast appearances say about the Liberals' next ballot box question
Trudeau recently appeared on four podcasts as he travels the country talking up the Liberals' latest budget, which he's pitching as a plan to inject more economic fairness into society for those under 40 — a cohort that has kept Trudeau in power since 2015 but is increasingly turning to Conservative Leader Pierre Poilievre.
Russian drones set a hotel ablaze in a Ukrainian Black Sea city
Russian drones early Sunday struck the Black Sea city of Mykolaiv, setting a hotel ablaze and damaging energy infrastructure, the local Ukrainian governor reported, while ammunition shortages continued to hobble Kyiv's troops in the more than two-year-old war.
A munitions explosion at a Cambodian army base kills 20 soldiers, but its cause is unclear
Security was tight around a military base in southwestern Cambodia on Sunday, a day after a huge explosion there killed 20 soldiers, wounded others and damaged nearby houses.