By Peter Jackson, Local Journalism Initiative Reporter, The Telegram
November 02, 2021
Health Minister Dr. John Haggie could not confirm media reports that a ransomware attack has gutted the province’s electronic health system, but did say the system provider has said it is the result of some third-party infiltration.
Eastern Health and the province’s three other health authorities first noticed a disruption of service on Saturday, Oct. 30. Computers are currently unable to communicate with each other and staff are not able to send or receive emails.
“At the moment, all we know for certain is that this is a possible cyberattack and the nature and scope of it is under investigation,” Haggie told reporters at a news conference Monday morning, Nov. 1.
He added that he doesn’t expect good news any time soon.
“It will take longer than I or anyone else wants, but at the end of the day we will come out the other end,” he said.
Eastern Health chief executive officer David Diamond said thousands of medical appointments have already been cancelled.
The inability to electronically notify or register patients, or to access medical imaging online, makes it impossible for them to go ahead, he said.
“We have gone into contingency mode,” Diamond said. “We always have contingency plans for this type of situation. We had hoped to never have to use it.”
Eastern Health is so far the worst affected, Haggie said. As of Monday, the Western and Labrador-Grenfell authorities are operating almost as normal.
Emergency services, COVID testing unaffected
Emergency services are not affected, Diamond said.
As well, dialysis, community services, and mental-health and addictions services are still going ahead.
Vaccination and COVID-19 testing is also continuing, although resorting to a paper-based system will cause delays.
Diamond said health authorities have already had to deal with delays over the past couple of years, and the current trouble is no different.
“Unfortunately, with COVID and Snowmageddon, we already have lots of experience with this sort of backlog,” he said, referring to the January 2020 snowfall that shut down the St. John’s region for a week.
He said the authority will likely add evening and weekend appointments to make up for lost time, and some appointments will be prioritized as usual.
Diamond said patients who have appointments or surgeries scheduled in the next couple of days should call one of the designated numbers to confirm their status. He said extra staff have been assigned to accommodate anticipated high call volumes.
For Eastern Health: 1-833-777-1276.
For Central Health: 1-844-651-6214.
Western Health and Labrador-Grenfell regions are less affected, although some routine laboratory and diagnostic work will be cancelled, as well as chemotherapy appointments.
Still investigating
Haggie said the Newfoundland and Labrador Centre for Health Information (NLCHI) and service provider Bell Aliant are working to pinpoint the problem, which he described as attacking the “brain” of the system.
He couldn’t say whether any information has been lost or compromised, but added the province’s privacy commissioner has been brought into the loop.
Insurers have also been contacted.
Ransomware attacks hit major utilities and transportation systems in the United States earlier this year. Ireland’s health system is still recovering after it was hit by a major ransomware attack in May.
Canada is not immune, either.
Ottawa issued a warning in March to companies that provide services to national and international clients. According to IT Business, FortisOntario, a subsidiary of Fortis Inc. that provides electricity to several Ontario clients, reported a ransomware attack that same month.
A survey by the Canadian Internet Registration Authority (CIRA) found that more than two-thirds of Canadian businesses opted to pay off hackers for ransomware attacks, although the same percentage also endorsed the idea of legislation against paying them.
Subscribe to our newsletter.
Haggie said it’s too early to discern the nature of the current attack, and he is unaware of what the government’s policies would be with respect to ransomware.
