Despite warnings, N.L. health officials didn't bolster cyberdefences before ransomware attack
CBC
Newfoundland and Labrador health officials did not act on a series of warnings and failed to adequately protect sensitive health information of hundreds of thousands of people before a ransomware gang launched a devastating cyberattack in 2021 that surreptitiously scooped up 200 gigabytes of data and paralyzed the province's health-care system.
That's among the findings of a 115-page report on the attack issued Wednesday morning by the Office of the Information and Privacy Commissioner.
"The biggest question at the outset of this investigation for us was whether this cyberattack succeeded despite these [provincial health] entities having cybersecurity practices that met recognized international standards, or if it succeeded because those standards were not being met at the time," the provincial watchdog noted in the report.
"Unfortunately, we found the latter."
Security in the health information system "was lacking in a number of important areas" and internationally recognized, industry-standard cybersecurity measures were "either not in place or not fully implemented."
The report found that deficit left the personal health information and personal information of citizens of the province vulnerable to cyberattack — "which, under the circumstances, was almost an inevitability."
Investigators concluded that these vulnerabilities were known within the health-care system but officials failed to fix them.
As well, they believe more people were affected by the breach than previously disclosed by government and health officials.
"The total number of privacy breaches caused by the cyberattack is unknown but is likely to be in the hundreds of thousands," the report advised.
"In other words, it is likely that the vast majority of the population of the province had some amount of personal information or personal health information taken by the cyberattackers, although the specific number may never be known."
The report called the data taken in the cyberattack "highly sensitive information that deserved the highest degree of protection."
However, the report found that "an impressive amount of work" has happened since the attack, to ensure that appropriate cybersecurity measures are in place across the health information system.
"We are pleased to say that much progress has been made," the report noted.
"A crucial consideration, however, is that this is not a one-time fix. Cybersecurity is an ongoing project, and it is essential that sufficient focus and resources continue to be directed to this task."
The dream of those who wanted to breathe new life into Saskatoon’s bus barns in Caswell Hill is expected to come tumbling down next year.
Jill Finn is still haunted by the voice.
P.E.I.'s deputy premier Bloyce Thompson is expected to be sworn in as the province's next premier one day after Rob Lantz announced his resignation from the role and his bid for the permanent leadership of the province’s Progressive Conservative Party.
WARNING: This article may affect those who have experienced sexual violence or know someone affected by it.
The Ontario government has sided with the City of Hamilton in its push to continue a long-delayed James Street N., housing redevelopment, which proposes the creation of several hundred homes in the north end.
There's still no timeline on the official designation of an Ojibway National Urban Park — and a Parks Canada representative is asking the community to adjust its expectations.
As the cost of groceries continues to increase, one Edmonton organization is harnessing the power of bulk buying to ensure its members aren’t going hungry at a critical time every month.
A drug alert has been issued in Thunder Bay, Ont., over a toxic substance first found in Toronto earlier this fall.
Ontario’s municipal affairs minister says the province will move forward with a much-delayed mandatory review of the Greenbelt, but opposition critics say there's still no word on when the study of the ecologically sensitive zone will take place or who will conduct it.
A three-year-old girl is dead and a 31-year-old woman suffered serious injuries after they were hit by a vehicle near a Cambridge, Ont., plaza on Thursday afternoon.
Roy Weistche recalls being taken as a young boy to stay with a non-Indigenous family in Gatineau — people he had never met, more than 900 kilometres away from his home in the Cree Nation of Waskaganish.
The drop in Canadian tourism to the United States in response to U.S. President Donald Trump's actions is hurting American businesses in several states, a new report by a congressional committee has found.
Air Canada has successfully overturned a Canadian Transportation Agency (CTA) decision requiring the airline to pay a passenger $2,079 for delayed baggage.