Hospitals a ‘magnet’ for cyberattacks: health care expert

Hospitals in Britain’s National Health System were recovering Saturday from a massive cyberattack that locked staff out of their computer systems, resulting in many hospitals having to cancel or delay treatment for patients.

READ MORE: Nations respond to biggest extortion cyberattack ever recorded, new attacks feared

The attack encrypted patient files and asked for users to pay to have them unencrypted.

Although nothing nearly as bad was reported in Canadian hospitals, Lakeridge Health in Oshawa, Ontario, reported some unexpected computer downtime linked to the global ransomware attack. This is hardly the first time either – in March 2016 the Ottawa Hospital reported being the target of hackers.

“Unfortunately hospitals are a magnet for such cyberattacks,” said Bill Tholl, president of HealthCareCAN, an organization representing Canadian hospitals and other health care bodies.

“To the cyberhackers, health care information is worth ten times as much as any information the average Canadian would be providing to a bank.”

This is because most Canadians have a strong desire to keep their health information private, he said. “It’s also possible to steal your personal information and possibly steal your identity.”

His organization did a survey of Canadian hospitals on this issue in January, he said. Half of hospitals responded to the survey, and half of respondents indicated that they had been hacked.

“The experts would tell you there are only two types of hospitals: that have been hacked and know it, and that don’t know that they have been hacked.”

The head of the Canadian Cyber Incident Response Centre, Colleen Merchant, told a Senate committee early in May that her department is very concerned about the rise of ransomware, and cited the heathcare industry as a particularly tempting target for hackers.

READ MORE: Hackers attacking Canada’s critical infrastructure and it’s only going to get worse

When asked to comment on the cyberattacks in the UK and abroad on Saturday, the CCIRC would only say that it is aware of the ransomware attacks and Public Safety Canada does not comment on whether reports have been received on specific incidents in Canada.

American hospitals are concerned too, said Tholl. At a recent meeting of the American Hospital Association in Washington, hacking was “a major subject of conversation.”

WATCH: Hackers have used ransomware to launch a massive cyberattack, affecting more than 70 countires, including Canada. The worst impact seems to be in the United Kingdom, where some hospitals became crippled. Shirlee Engel reports.

The problem partly arises because of the need for hospitals to make patient information easily shareable between different institutions.

“Canadians need, patients need, interoperable, exchangeable patient information. They don’t want to go from one facility to another and have to repeat the same information. So we want a portable electronic health record. We just have to do everything we can to make sure it’s as secure as it can be,” he said.

Hospitals are examining various ways to mitigate the risk of cyberattack. “What we can do is make sure all hospitals store your personal information off-site in real time and create backup systems so if your system is locked down or subject to ransomware, we can immediately switch to another backup system,” he said.

WATCH: A security breach at Grey Eagle Casino is a wakeup call to protect confidential information on office computers. Tony Tighe reports.

Hospitals can also better share information about the attacks, so that if one is hacked, other institutions know how to prevent it.

Canadian hospitals have made a lot of progress improving their security over the last two years, he said.

But, “It certainly I know keeps a lot of the CEOs of Canadian hospitals up at night.”

With files from Bryan Mullan, Global News

© 2017 Global News, a division of Corus Entertainment Inc.

You May Also Like

Top Stories