Corp Comm Connects


Ontario health ministry on high alert amid global cyberattack

Lakeridge Health in Oshawa confirms it was hit by the cyberattack that targeted institutions in 100 countries.

thestar.com
By THERESA BOYLE and RACHEL MENDLESON
May 13, 2017

Ontario’s health ministry is on high alert to ensure that computer systems at the province’s 145 hospitals remain secure following an unprecedented global cyberattack that hit Lakeridge Health in Oshawa.

In a statement on Saturday, Lakeridge Health confirmed Friday’s cyberattack caused “unexpected computer downtime at our hospitals,” but said the impact was “not like what we’ve been hearing about worldwide.”

“Our antivirus systems apparently disabled the virus, which was not able to seriously impact our network,” the statement said. “No health information was compromised and we did not lose any data. Most importantly, patient care was unaffected. It continues to be business as usual at our hospitals.”

“Almost all of our areas” were “up and running” again by Saturday afternoon, the statement said.

Lakeridge Health has five hospital sites in Durham Region.

Believed to be the biggest attack of its kind, the malware targeted vulnerabilities in computer systems in almost 100 countries. Britain’s National Health Service was affected, forcing hospitals to close wards and emergency rooms, and to turn away patients.

According to a provincial government source, the emergency management branch of Ontario’s health ministry opened a command centre at its downtown Toronto offices Friday afternoon to provide technical assistance to any hospitals experiencing trouble. And the office of the ministry’s chief information officer established a call centre to aid the sector.

The ministry has pointed all hospitals to a “patch,” or software update, which must be installed to protect against ransomware infections, said the source, who spoke on condition of anonymity because he was not authorized to provide an interview.

“We were ready for this with an emergency management protocol for cybersecurity threats. The hospitals are currently updating their systems,” he said, adding there will be an incident review once the threat has passed.

Lakeridge Health was not among the “many” hospitals that had already installed the software update, available from Microsoft since March, said the source, who was unable to specify the exact number that had.

But by calling a “Code Grey” at the first sign of trouble on Friday, it was able to protect its computer systems by rolling out an emergency preparedness protocol. This involved temporarily disconnecting from the Internet. The hospital briefly lost access to patient records, the source said.

Oshawa remained in a Code Grey Saturday morning as IT experts continued to work on the problem with the aim of first fixing the computers in the ER and critical care departments. Connection to patient records had been restored but “performance was still not optimum,” the source explained.

“They have identified the deficiency in the system and are hopeful that this downtime will be over later in the day (Saturday),” he said, adding that patients and ambulances were never diverted.

Lakeridge Health spokesperson Lloyd Rang said they “don’t know for certain yet” what enabled the attack because the focus has been “on fixing the immediate problem.”

“There will be a full review of the events leading up to the incident and if there are any issues that need to be addressed, we will do so in the fullness of time,” he said in an interview Saturday.

Friday’s global “ransomware” attack, unprecedented in scale, had technicians scrambling to restore Britain’s crippled hospital network and secure the computers that run factories, banks, government agencies and transport systems in many other nations.

The worldwide cyber-extortion attack was so unprecedented, in fact, that Microsoft quickly changed its policy, announcing security fixes available for free for the older Windows systems still used by millions of individuals and smaller businesses.

The cyberattackers took over the computers, encrypted the information on them and then demanded payment of $300 or more from users to unlock the devices. As people fretted over whether to pay the digital ransom or lose data from their computers, experts said the attackers might pocket more than $1 billion worldwide before the deadline ran out to unlock the machines.

The malicious software behind the onslaught appears to exploit a vulnerability in Microsoft Windows that was supposedly identified by the U.S. National Security Agency for its own intelligence-gathering purposes and later leaked online. Computers that had not been updated with the Microsoft patch were vulnerable to attack.

A representative from Public Safety Canada said the Canadian Cyber Incident Response Centre is aware of the reported attacks, but made no mention of whether any Canadian users were affected.

In a statement Saturday, the Ontario Medical Association said there were “no reports of any OMA members being affected” by what it called a “massive co-ordinated ransomware attack,” that appeared to have affected only one hospital in the province.

Spokespersons for UHN and St. Michael’s Hospital told the Star their systems had been updated and were not affected. Sunnybrook Health Sciences Centre was also not affected, a spokesperson said.

Ransomware attacks hit two Ontario hospitals last year - Ottawa Hospital and Norfolk General Hospital in Simcoe - but affected only a handful of machines.

The provincial government source said the ministry’s IT department promptly contacted all hospitals Friday to warn them about the global cyberattack. “The department messaged them with the necessary security information about the risks and the preventive measures.”

He said he has never heard of a case of an Ontario hospital being forced to pay a ransom.

Atty Mashatan, a professor at Ryerson University’s School of Information Technology Management, said it was nothing more than a fluke that Canada appears to have been spared the worst of Friday’s ransomware attack, which is most commonly spread via a link in an email.

“This one wasn’t really a targeted attack at all . . . . They usually run this campaign and hope to infect as many devices as they can,” she said. “This time around we were lucky.”