Canadian Security Magazine

Ransomware attack delays SickKids lab results, systems could be offline for weeks

The Canadian Press   

News Data Security Health Care ransomware Sick Kids sickkids

A ransomware attack has delayed lab and imaging results at Toronto’s Hospital for Sick Children and could lead to longer wait times, the hospital said Thursday, noting that some of its systems could be offline for weeks.

The hospital said it was unable to provide details about the nature of the attack, calling it an “active and ongoing incident.”

There is no evidence to date that personal information had been affected, the hospital said.

“While we can confirm this is a ransomware attack, SickKids has been preparing for attacks of this nature, and mobilized quickly to mitigate potential impacts to the continuity of care,” the hospital said in a written statement Thursday.


SickKids reported Monday night that a “cybersecurity incident” prompted the hospital to call a Code Grey – the hospital code for system failure – on Sunday at 9:30 p.m.

In its first update since then, the hospital said it would likely be a “matter of weeks” before all systems are working as normal.

“Clinical teams are currently experiencing delays with retrieving lab and imaging results, which may cause longer wait times for patients and families,” the hospital said.

The ransomware attack comes as Canada’s largest pediatric hospital has had to cancel some surgeries and redeploy staff in recent weeks to deal with a surge of sick kids with respiratory infections.

Urgent and emergent care, as well as scheduled appointments and procedures, were expected to continue as it brought systems back online in the wake of the ransomware attack, the hospital said.

SickKids said the “fluid and evolving situation” was still under investigation.

Toronto police confirmed they were working with the hospital, the Ontario Provincial Police and the provincial government as part of the investigation.

Hackers in ransomware attacks use malware to encrypt a target’s information and hold it hostage until a ransom is paid.

Newfoundland and Labrador’s largest health authority, Eastern Health, said earlier this month that a ransomware attack first discovered in Oct. 2021 had exposed the private data of 58,200 patients.

The union representing Ontario public high school teachers said last month it had been the victim of a ransomware attack in May.

Ritesh Kotak, a Toronto-based cybersecurity expert, said financial motives are often the main driver behind ransomware attacks.

“People pay, if there was no money, no one would be doing it,” he said, noting that some attacks happen just to cause harm.

Kotak said though there is no reliable data available on the number of ransomware attacks, they appear to be on the rise because more activities are conducted online.

Third-party audits that conduct “penetration tests” to find vulnerabilities within a network could help an organization protect itself, he said, as could a robust monitoring system that reports a breach as soon as it happens.

“It is clear our world is more connected … all the more reason to put preventative measures in place,” he said.

– with files from Sharif Hassan. 

This report by The Canadian Press was first published Dec. 22, 2022. 

Print this page


Stories continue below