Cyber attack targets Montreal health agency, forcing it to go off line
By Sidhartha BanerjeeGeneral Government cyber cyber attack hospitals manufacturing Montreal
Internet connectivity as well as external and remote access to our networks have been suspended.
MONTREAL — A Montreal health agency has been forced off-line as authorities deal with a cyber attack.
Quebec Health Minister Christian Dube said specific attacks hit systems at the regional health agency covering west-central Montreal, which oversees the Jewish General Hospital among other facilities.
“Our teams quickly realized that there had been these attacks, and to protect the population’s data, particularly hospital data, the decision was taken to shut down the systems,” Dube told a news conference in Quebec City.
A statement from the agency said that as a preventive measure, “internet connectivity as well as external and remote access to our networks have been suspended.”
Access to patients’ records and data has been limited as a result, the statement said. “Frontline services have been slowed down – but not interrupted – while the situation is under investigation.”
Dube said the attack was possibly part of a broader campaign, but he didn’t make a direct link with a series of attacks that have hit American hospitals this week.
A joint alert was issued in the US Oct. 28 by the FBI and two other agencies, warning of a cyber crime threat aimed at hospitals and health-care providers in that country.
The warning said cyber criminals were hitting the US targets Montreal health agency, forcing it to go off line health-care system with ransomware attacks designed to scramble hospital information systems that can only be unlocked with software keys once a ransom is paid.
Dr. Lawrence Rosenberg, head of the health agency, told a press briefing Oct. 29 that an “anomaly” was detected during a daily verification of the system which they determined was a “cybersecurity intrusion.”
Officials said it was caught quickly but they were still investigating the source and weren’t in a position to confirm or deny the attack was linked to the US incidents.
There hasn’t been a ransom request, Rosenberg added.
“We are going through a fairly rigorous process of trying to get to the bottom of what we’ve found, eliminate it and get back online,” Rosenberg said, adding the work could take up to four days.
Steve Waterhouse, an internet security expert, said he believes the Montreal attack is part of the same U.S. threats, and he wouldn’t be surprised if other health institutions were hit as hackers prey on health agencies during the pandemic.
Such cyber attacks are increasingly common, he said, as hackers use trick phishing emails hoping to get unsuspecting employees to click on attachments that import the malicious code.
Waterhouse noted the Montreal Transit Corp., the victim of a ransomware attack since Oct. 19, was hit with a US$2.8 million ransom request, which it rejected.
Of the transit agency’s 1,600 servers, 1,000 were affected by the attack. Of those, 624 were considered operationally sensitive, and as of Thursday, 77 per cent of them had been restored, the transit agency said in a statement.
Dube said the Quebec Health Department has mobilized specialized cyber teams to work with the RCMP to see whether the hospital attack was part of a broader scheme.
The health minister said the most important thing was to protect personal data, but he acknowledged some appointments might be rescheduled. “It’s a small sacrifice in comparison with the theft of data,” Dube said.
The health agency informed employees of an intrusion in a memorandum Wednesday evening from Rosenberg, the agency’s CEO and president.
“At this point we do not believe that any patient or staff information has been accessed,” Rosenberg’s message said.
“It is important to note that our information technology systems are currently operating properly and without incident.”
Authorities put contingencies into place for 72 hours by printing hard copies of patient care documents or using USB keys.
“I realize that this task is likely to be time-consuming. However, this proactive precautionary measure is essential in order to protect the health, safety and personal information of all those who rely on our (agency) for health care and social services,” Rosenberg wrote.
— With files from The Associated Press.