Hack­ers tar­get pa­tient files for ran­som

Saskatoon StarPhoenix - - FRONT PAGE - TOM BLACK­WELL Tblack­well@na­tion­al­post.com

Hack­ers have re­peat­edly tar­geted Cana­dian doc­tors with ran­somware re­cently, hob­bling com­puter sys­tems that hold thou­sands of med­i­cal records and im­ped­ing pa­tient care, a ma­jor health-care or­ga­ni­za­tion says.

In the best-case sce­nario af­ter the in­ci­dents, med­i­cal of­fices spend two or three days restor­ing their sys­tems from backup sites; at worst they can lose masses of cru­cial data, the Cana­dian Med­i­cal Pro­tec­tive As­so­ci­a­tion (CMPA) says.

In the mean­time, physi­cians are miss­ing key as­pects of pa­tients’ his­tory when di­ag­nos­ing health is­sues, says Dr. Den­nis De­sai, a physi­cian ad­viser at the CMPA, which pro­vides li­a­bil­ity cov­er­age for most of Canada’s MDs.

“The doc­tors are un­der at­tack,” he said. “We are get­ting physi­cians on a reg­u­lar ba­sis say­ing, ‘I have a com­puter, I got locked out, I have ran­somware.’ … They’ve been asked to pay in bit­coin. They’re ask­ing us, ‘Should I pay it?’”

The the­o­ret­i­cal threat of ran­somware to Cana­dian health care has been much dis­cussed lately, es­pe­cially since the global “Wan­nacry” out­break struck sev­eral Bri­tish hos­pi­tals in May.

The of­fice of Brian Beamish, On­tario’s pri­vacy com­mis­sioner, said Wed­nes­day it has re­ceived 10 re­ports of ran­somware at­tacks on doc­tor’s of­fices or clin­ics since the start of 2016, call­ing it an “in­creas­ingly dan­ger­ous” threat to the se­cu­rity of health records.

In sim­ple terms, at­tack­ers freeze up com­put­ers by en­crypt­ing data, then de­mand a pay­ment — usu­ally in dig­i­tal bit­coin — to un­lock the files.

No Cana­dian hospi­tal — as op­posed to a doc­tor’s of­fice — has pub­licly ad­mit­ted to be­ing a vic­tim. But Bill Tholl, chair of a fed­eral com­mit­tee on cy­ber­se­cu­rity and crit­i­cal in­fra­struc­ture, con­firmed Wed­nes­day that it has hap­pened here.

“There have been some hos­pi­tals that have been at­tacked and have paid ran­som in bit­coin, in Canada,” he said. “It was the Wan­nacry kind of event … It’s not in­di­vid­ual pa­tient files; they lock up ev­ery­body.”

The CMPA pub­lished an ar­ti­cle this week urg­ing physi­cians to en­sure they have ro­bust backup sys­tems, vig­or­ously guard against in­fec­tion by com­puter viruses — and not pay ran­som if they are tar­geted.

It seems to be a bur­geon­ing prob­lem, with one ex­pert es­ti­mat­ing the num­ber of ran­somware at­tacks has soared 600 per cent just in the past year, said Tholl, for­mer CEO of HealthCareCan, which rep­re­sents hos­pi­tals and other med­i­cal fa­cil­i­ties.

And for var­i­ous rea­sons, med­i­cal data is a prime fo­cus, 10 times more likely to be tar­geted than even bank­ing in­for­ma­tion, he said.

That re­al­ity was driven home by Wan­nacry, which caused 16 hos­pi­tals in Bri­tain’s Na­tional Health Ser­vice to shut down at least part of their op­er­a­tions.

In the U.S., at least two ma­jor fa­cil­i­ties have taken sig­nif­i­cant hits from more iso­lated at­tacks. Com­put­ers at Erie County Med­i­cal Cen­ter in Buf­falo were down for six weeks ear­lier this year af­ter hack­ers de­manded $44,000 in bit­coin, a sum the fa­cil­ity re­fused to pay.

Kevin Magee, a cy­ber­se­cu­rity con­sul­tant on Tholl’s fed­eral com­mit­tee, said Cana­dian hos­pi­tals have so far been rel­a­tively un­scathed, partly be­cause they seem dis­ci­plined about in­stalling se­cu­rity patches to pro­tect against mal­ware.

But Wan­nacry showed cy­ber crim­i­nals the lure of pur­su­ing health-care in­sti­tu­tions, where lives could be en­dan­gered by a sud­den com­puter fail­ure, Magee said.

The physi­cian of­fices af­fected by ran­somware typ­i­cally have one com­puter sys­tem that cov­ers ev­ery­thing from ap­point­ment sched­ul­ing to pa­tient charts, De­sai said. And more than 70 per cent of physi­cians now have elec­tronic med­i­cal records. Be­ing with­out those charts even for a cou­ple of days is a prob­lem, he said.

The CMPA, like most other ex­perts, ad­vises against pay­ing a ran­som, as it may sim­ply set up the clinic to be men­aced again, and is no guar­an­tee files will be un­locked, De­sai said.

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.