Expert says N.L. cyberattack worst in Canadian history, deserves federal response

By Sarah Smellie

ST. JOHN’S, N.L. — The cyberattack that knocked down Newfoundland and Labrador’s health system data centres Saturday is a national security issue and should be treated as such by Ottawa, security experts say.

David Shipley, chief executive officer of Beauceron Security in New Brunswick, called the attack the worst in Canadian history. Similar attacks have targeted individual hospitals or more general government services in the country, but the extent and the consequences for human health make the Newfoundland and Labrador situation stand out, Shipley said.

“We’ve never seen an entire health network — multiple health networks — taken down like this,” the cybercrime expert said in an interview Wednesday. “This is not just a Newfoundland story, it’s not just a health-care story. This is a national story, and it’s about national security.”

On Thursday, there were some signs of recovery from the attack, as the province’s eastern health authority announced its email system was working again. “We are working to bring our health-care and clinical systems back online in a safe and controlled manner,” the authority said in a news release.

In the provincial legislature, the Opposition Progressive Conservatives questioned why Liberal Premier Andrew Furey hadn’t come home from the COP26 climate change conference in Scotland to address the crisis instead of writing on Twitter about “the challenging time” for the province.

“Please know our world-class teams are dedicated to getting things up and running as soon as possible, and I remain focused on this issue,” Furey wrote.

The attack was first discovered Saturday, affecting what Health Minister John Haggie described as the “two brains” behind the provincial health network’s data centre. Without access to such things as basic email, diagnostic images and lab results, the eastern health authority — which includes several major hospitals in St. John’s — was left operating largely with pen and paper and running only emergency services.

Thousands of medical appointments have been cancelled, including chemotherapy treatments.

The Newfoundland and Labrador government won’t say what kind of attack caused the damage, but outside experts say it has all the signs of a ransomware attack, in which hackers infiltrate an information technology network and demand payment in return for restoring access.

The situation is similar to an attack that took out Ireland’s health-care system in May, said Brian Honan, who is head of Ireland’s Computer Security Incident Response Team and a former special adviser to Europol’s Cybercrime Centre. Honan said he agrees with Shipley that the Canadian government should be front and centre in the response to the attack in Newfoundland and Labrador, and it should be treating the situation as a national security problem.

“Ransomware is a significant threat, not just to individuals or to businesses, but also to national security, and our economies and our societies,” Honan said in an interview Thursday.

Large-scale ransomware attacks are typically carried out by cybercriminal gangs, like the one behind the Conti software that was responsible for the attacks in Ireland, Honan said. “These gangs pose a significant threat,” he said, noting they operate in jurisdictions such as the former Soviet Union where governments “have kind of turned a blind eye to the activity of these criminals.”

Mark Sangster, vice-president of industry security strategy at eSentire, a cybersecurity firm in Waterloo, Ont., said there is “certainly reason to believe” the Conti gang is behind the attack in Newfoundland and Labrador. The gang has been particularly active in Canada the past few weeks, hitting five businesses and organizations since Oct. 8, and Conti has a history of going after health organizations, he said.

Like Honan and Shipley, Sangster said the federal government needs to take a harder stance on cyber crime. “Canada is a target,” he said. “Our hospitals, our utilities are targets.”

Both Honan and Shipley pointed to the hard line taken by U.S. President Joe Biden after the ransomware attack in May on the country’s largest oil pipeline, which disrupted some fuel supplies for about a week. Biden issued an executive order for sweeping security changes and improvements across the U.S. government and got in front of the problem — and the news cameras — to say he was taking the issue seriously.

That’s the kind of response needed from the Canadian government, they said.

Sangster added that the measures taken in the United States likely contributed to increased ransomware activity in Canada over the past few weeks. “They’re going to move north of the border for a little while, and let that cool off,” he said.

A spokesperson for the federal defence minister referred a request for comment Thursday to the Communications Security Establishment, the national cryptologic agency.

“Although the Canadian Centre for Cyber Security (within CSE) does not comment on cybersecurity incidents,” CSE spokesperson Evan Koronewski said by email, “we can assure you we are actively engaged with government and non-government partners, sharing cybersecurity advice and guidance, mitigation, and operational updates related to this matter.”

Prime Minister Justin Trudeau’s office did not immediately respond to a request for comment.

This report by The Canadian Press was first published Nov. 4, 2021.

News from © Canadian Press Enterprises Inc. 2021.