[BreachExchange] Cyberattack at Montreal health centre prompts information system shutdown
Destry Winant
destry at riskbasedsecurity.com
Fri Oct 30 10:21:57 EDT 2020
https://globalnews.ca/news/7430000/cyberattack-montreal-health-centre-information-system-shutdown/
Quebec Health Minister Christian Dubé confirmed Thursday that CIUSSS
Centre-Ouest de Montreal, a regional health authority in Montreal, had
been the victim of a cyberattack.
Dubé made the statement during a briefing on the province’s response
to COVID-19.
According to Dubé, the attack took place Wednesday night.
“Our teams quickly realized that there had been these attacks, and, to
protect the population’s data, particularly hospital data, the
decision was taken to shut down the systems,” he said.
In a statement, the CIUSSS said that while front-line health services
are being maintained, there could be delays as access to patient
records and data is currently limited.
“As a preventive measure, Internet connectivity as well as external
and remote access to our networks have been suspended,” CIUSSS
Centre-Ouest de Montreal spokesperson Barry Morgan said in a written
statement.
While giving an update on the situation Thursday afternoon, Dr.
Lawrence Rosenberg, president and CEO of the CIUSSS, said telephone
systems were the most affected by the shutdown.
“We’re coming up with workarounds to be able to mitigate the
shortcomings there,” he said. “We’re distributing cell phones and
Ipads and tablets to individuals so that they can communicate over the
cell network rather than over our CIUSSS network.
Where needed, data is being transferred for internal use from one
facility to another via encrypted USB keys.
In terms of hospitals under the purview of the CIUSSS, Rosenberg said
they are functioning as usual, except maybe using more paper than they
normally would as they shift away from electronics.
“I can assure you that up until the present time all our patients at
the hospital are quite safe and receiving care,” he said, adding the
same was true of residents living in long-term care facilities.
Where the impact might be more strongly felt in terms of slowdowns is
out in community health clinics (CLSC), according to Rosenberg.
The CIUSSS said an investigation is currently underway with support
from the Ministry of Health’s cybersecurity team.
“We are currently going through a fairly rigorous process with
appropriate partners and authorities to help us understand exactly
what has happened, what we need to do to further mitigate any ongoing
problems should they arise and how to eliminate what we’ve already
discovered,” Rosenberg said.
The CIUSSS said that so far, there is nothing to suggest that patient
or staff information has been accessed or compromised.
While Dubé didn’t specify the nature of the attack, he did say it was
“significant,” and that other health facilities may have been targeted
even beyond Quebec.
On Wednesday, federal agencies in the United States, including the
FBI, issued a joint alert warning of ransomware activity targeting the
health-care and public health sector.
“We have credible information of an increased and imminent cybercrime
threat to U.S. hospitals and healthcare providers,” the alert reads.
“Malicious cyber actors are targeting the HPH Sector with Trickbot
malware, often leading to ransomware attacks, data theft, and the
disruption of healthcare services.”
Rosenberg said they don’t yet know the nature of the attack on the
CIUSSS, referring to it as a possible cybersecurity intrusion.
“There hasn’t been a ransom request. We don’t really know if this is
ransomware,” he said.
“We never said it was ransomware. All I said when I opened my remarks,
is that there was this anaomly…in our systems that looks like a
cybersecurity intrusion into our network.”
Rosenberg said current estimates for getting to the bottom of things
varies between 72 and 96 hours.
More information about the BreachExchange
mailing list