Saskatoon gynecology clinic hit with ransomware attack: report
A ransomware attack on a Saskatoon obstetrics and gynecology clinic left the personal health information of up to 20,000 patients in the hands of malicious hackers, according to the province's privacy watchdog.
In a report issued in September, Privacy Commissioner Ronald Kruzeniski said the attack targeting Saskatoon Obstetric and Gynecologic Consultants resulted from a staff member opening a malicious email attachment at their workstation in late December 2020.
On Christmas Eve, staff were alerted by external IT providers they were locked out of their systems, with hackers demanding payment to unlock the data, says Kruzeniski.
The clinic proceeded to shut down its local network and internet connectivity, then hired outside consultants the Security Resource Group to investigate the issue. A lawyer hired by the clinic proactively disclosed the breach to the privacy commissioner.
By early January 2021 the security firm had reached a settlement with the hackers, with the clinic paying for the decryption software to unlock their system.
The security consultants then monitored the dark web for indications the health data was released anyway. Nothing turned up as of the publication of the report, according to Kruzeniski.
In a statement to CTV News Saskatoon, the clinic said it considers the risk to patients low given the steps taken to mitigate the risk.
“Saskatoon Obstetric and Gynecologic Consultants takes the privacy of its patients and this incident very seriously. As soon as [the clinic] … became aware of the incident, it took immediate and comprehensive steps including engaging cybersecurity experts to investigate and contain the incident.”
There is no evidence that any patient information has been misused as a result of the incident, the statement says.
Kruzeniski found that although the clinic was proactive in reporting the breach to his office and the Saskatoon police, it has not been able to contain the breach or provide sufficient notice to the affected patients, nor was it able to fully investigate the ransomware attack.
With no guarantee the attackers did not keep copies of the data, Kruzeniski recommends the clinic continue monitoring the dark web for five years for any sign of its patients’ data.
In his report, the privacy commissioner describes the dark web.
“The dark web is well known due to media reporting on illicit activity that occurs there. Malicious actors use the dark web to communicate about, sell, and / or distribute illegal content or items such as drugs, illegal weapons, malware and stolen data,” Kruzeniski says.
“However, just like the surface web, there are several legitimate activities on the dark web as well, including accessing information, sharing information, protecting one’s identity and communicating with others.”
RANSOMWARE MORE COMMON, SAYS TECH EXPERT
There are a few things that can be done to mitigate the risk of a ransomware attack, says Chad Jones, a former Apple engineer and current owner of Push Interactions in Saskatoon.
“You have to look at this criminal enterprise as a business. If there’s not a good return on investment for them to attack your system, they’ll move on to a system that’s more vulnerable.”
Even in the banking industry, they realise that if someone wants in, and they have enough time and resources, they’ll probably find a way, he says.
“Fortunately most of these thieves only have limited resources.”
In the ransomware world, payments are generally made in cryptocurrency, said Jones. It’s not uncommon to see ransoms higher than $50,000 paid out to these criminal groups.
There does at least seem to be some honour among thieves in this industry, he says.
“The one good thing that I can say about these ransomware attackers: they’re pretty good at getting you back up and running.”
CTVNews.ca Top Stories
Grandparent scam: London, Ont., senior beats fraudsters not once, but twice
It was a typical Tuesday for Mabel Beharrell, 84, until she got the call that would turn her world upside down. Her teenaged grandson was in trouble and needed her help.
Deaths of 4 people on Sask. farm confirmed as murder-suicide
The deaths of four people on a farm near the Saskatchewan village of Neudorf have been confirmed a murder-suicide.
CRA no longer requiring 'bare trust' reporting in 2023 tax return
The Canada Revenue Agency announced Thursday it will not require 'bare trust' reporting from Canadians that it introduced for the 2024 tax season, just four days before the April 2 deadline.
Full parole granted to man convicted in notorious 'McDonald's murders' in Cape Breton
The Parole Board of Canada has granted full parole to one of three men convicted in the brutal murders of three McDonald's restaurant workers in Cape Breton more than 30 years ago.
Incident on Calgary's Reconciliation Bridge comes to safe resolution
Nearly 20 hours after a man climbed and remained perched on top of the Reconciliation Bridge in downtown Calgary, the situation came to a peaceful resolution.
Sunshine list: These were the Ontario public sector's highest earners in 2023
Ontario released its annual sunshine list Thursday afternoon, noting that the largest year-over-year increases were in hospitals, municipalities, and post-secondary sectors.
George Washington family secrets revealed by DNA from unmarked 19th century graves
Genetic analysis has shed light on a long-standing mystery surrounding the fates of U.S. President George Washington's younger brother Samuel and his kin.
'We won't forget': How some Muslims view Poilievre's stance on Israel-Hamas war
A spokesman for a regional Muslim advocacy group says Conservative Leader Pierre Poilievre's stance on the Israel-Hamas war could complicate his party's relationship with Muslim Canadians.
Why some Christians are angry about Trump's 'God Bless the USA' Bible
Former U.S. President Donald Trump is officially selling a copy of the Bible themed to Lee Greenwood’s famous song, 'God Bless the USA.' But the concept of a Bible covered in the American flag has raised concern among religious circles.