National Post

Hackers targeting patient files for ransom

- Tom Blackwell

Hackers have repeatedly targeted Canadian doctors with ransomware recently, hobbling computer systems that hold thousands of medical records and impeding patient care, says a major health-care organization.

In the best-case scenario after the incidents, medical offices spend two or three days restoring their systems from backup sites; at worst they can lose masses of crucial data, says the Canadian Medical Protective Association (CMPA).

In the meantime, physicians are missing key aspects of patients’ history when diagnosing health issues, says Dr. Dennis Desai, a physician adviser at the CMPA, which provides liability coverage for most of Canada’s MDs.

“The doctors are under attack,” he said.

“We are getting physicians on a regular basis saying, ‘I have a computer, I got locked out, I have ransomware.’ … They’ve been asked to pay in bitcoin.

“They’re asking us, ‘Should I pay it?’ ”

The theoretical threat of ransomware to Canadian health care has been much discussed lately, especially since the global “Wannacry” outbreak struck several British hospitals in May.

The office of Brian Beamish, Ontario’s privacy commissioner, said Wednesday it has received 10 reports of ransomware attacks on doctor’s offices or clinics since the start of 2016, calling it an “increasingly dangerous” threat to the security of health records.

In simple terms, attackers freeze up computers by encrypting data and then demand a payment — usually in digital bitcoin — to unlock the files.

No Canadian hospital — as opposed to a doctor’s office — has publicly admitted to being a victim. But Bill Tholl, chair of a federal committee on cybersecurity and critical infrastructure, confirmed Wednesday it has happened here, with medical files involved.

“There have been some hospitals that have been attacked and have paid ransom in bitcoin, in Canada,” he said. “It was the Wannacry kind of event … It’s not individual patient files; they lock up everybody.”

The CMPA published an article this week urging physicians to ensure they have robust backup systems, vigorously guard against infection by computer viruses — and not pay ransom.

It seems to be a burgeoning problem, with one expert estimating the number of ransomware attacks has soared 600 per cent just in the past year, said Tholl, former CEO of HealthCareCAN, which represents hospitals and other medical facilities across the country.

That reality was driven home by Wannacry, which caused 16 hospitals in Britain’s National Health Service to shut down at least part of their operations.

In the U.S., at least two major facilities have taken significant hits from more isolated attacks. Computers at Erie County Medical Center in Buffalo were down for six weeks earlier this year after hackers demanded $44,000 in bitcoin, a sum the facility refused to pay.

Kevin Magee, a cybersecurity consultant who is on Tholl’s federal committee, said Canadian hospitals have so far been relatively unscathed, partly because they seem disciplined to protect against malware.

But Wannacry showed cyber criminals the lure of pursuing health-care institutions, where lives could actually be endangered by a sudden computer failure, Magee said.

The physician offices affected by ransomware — some housing several doctors — typically have one computer system that covers everything from appointment scheduling to patient charts, Desai said.

And more than 70 per cent of physicians now have electronic medical records. Being without those charts even for a couple of days is a problem, he said. “The patient comes in with a sore throat and you’re going to prescribe an antibiotic. But (maybe) they’ve got an allergy to penicillin, or they had a previous problem with a cancer and this might be a recurrence,” said Desai. “You really need to know that information.”

The CMPA, like most other experts, advises against paying a ransom, as it may simply set up the clinic to be menaced again, and is no guarantee files will be unlocked, said Desai.

A national policy against hospitals paying ransom would be ideal, but not practical until all the facilities have implemented adequate, daily backup of patient data, said Tholl. Some have yet to take that step.

Meanwhile, the ransomware threat is expected to keep growing, and become increasingly sophisticated, said Magee. That could mean hackers demanding ransom with more insidious forms of pressure, such as threatening to change blood type or other key facts in patient records, publish private charts or emails, or meddle with computer-connected medical devices, he said.

A survey done for HealthCareCAN after the Wannacry incident found 85 per cent of those officials felt their institutions were very or somewhat vulnerable to cyber assaults.
