More people at risk as Ontario public bodies face growing wave of cyberattacks, experts say

From public hospitals and the LCBO to the Toronto Public Library, 2023 saw government organizations across Ontario hit by a growing wave of separate cybersecurity incidents that took down or impacted some of their services.

Experts say that that wave is putting a greater number of individuals at risk. One particularly concerning emerging trend, according to Information and Privacy Commissioner Patricia Kosseim, is cyberattacks against municipalities, universities, school boards and hospitals.

"Cyberthieves have gotten onto the fact that these are large scale institutions that house huge volumes of very sensitive personal information," Kosseim told CBC Toronto — including personal health data.

"They know that these are institutions that provide essential services and that their operations are critical for society in order to operate," she said.  

"They thrive on that."

Last January, the LCBO had "malicious code" embedded on their website that compromised customer data, leading some to monitor their transactions for suspicious activity. In the fall, Toronto Public Library was hit by a cyberattack that saw data from current and past employees stolen, with the attack itself taking down many online and in-person services until January. In November, patient data was stolen from several Ontario hospitals and published on the dark web, leaving the hospital facing a multimillion-dollar lawsuit.

As worrying as it is, experts say the trend in Canada and around the world suggests more of these attacks are on their way in 2024.

Derek Manky, chief security strategist and global vice president of threat intelligence of cybersecurity firm Fortinet, points to the firm's latest research that suggests cybercriminals have largely exhausted phishing and other lower-level attempts at breaching an organization's security, and are becoming more aggressive in their targets.

In the next year, Fortinet predicts criminals will turn toward artificial intelligence to help refine their tactics, recruit insiders from organizations to help breach defences, and take advantage of large geopolitical events like elections and the 2024 Paris Olympic Games. 

"We're really dealing with true cybercriminal enterprise," said Manky, meaning it's never been more important to learn how to properly fight back. 

This year also saw attacks targeting health institutions, including SickKids in January, Unity Health Network's Michener Institute of Education in May, and several hospitals in southwestern Ontario in October.

In the case of the hospitals, a database containing information on 5.6 million patient visits to one hospital and the social insurance numbers of over 1,000 health-care employees were among the data taken in the ransomware attack. Affected patient data had "varied amounts and sensitivity," and some data was published by the hackers online.  

It's the result of both random targeting and strategic planning of hackers, according to Anne Genge, a cybersecurity expert who specializes in health-care sectors.

"They're getting much better at their jobs," she said.