Privacy & Security
Lakeridge Health hit by worldwide cyber-attack
May 17, 2017
OSHAWA, Ont. – Lakeridge Health said last Friday’s global cyberattack caused “unexpected computer downtime at our hospitals,” but said the impact was “not like what we’ve been hearing about worldwide.”
“Our antivirus systems apparently disabled the virus, which was not able to seriously impact our network,” the statement said. “No health information was compromised and we did not lose any data. Most importantly, patient care was unaffected. It continues to be business as usual at our hospitals.”
“Almost all of our areas” were “up and running” again one day after the attack. Lakeridge Health has five hospital sites in Durham Region.
Believed to be the biggest attack of its kind, the malware targeted vulnerabilities in computer systems in almost 100 countries. Britain’s National Health Service was affected, forcing hospitals to close wards and emergency rooms, and to turn away patients.
The Toronto Star reported that the emergency management branch of Ontario’s health ministry opened a command centre at its downtown Toronto offices Friday afternoon to provide technical assistance to any hospitals experiencing trouble. And the office of the ministry’s chief information officer established a call centre to aid the sector.
The ministry has pointed all hospitals to a “patch,” or software update, which must be installed to protect against ransomware infections, said the source, who spoke on condition of anonymity because he was not authorized to provide an interview.
“We were ready for this with an emergency management protocol for cybersecurity threats. The hospitals are currently updating their systems,” he said, adding there will be an incident review once the threat has passed.
Lakeridge Health was not among the “many” hospitals that had already installed the software update, available from Microsoft since March, said the source, who was unable to specify the exact number that had.
Ontario has 145 hospitals.
But through calling a “Code Grey” at the first sign of trouble on Friday, Lakeridge Health was able to protect its computer systems by rolling out an emergency preparedness protocol. This involved temporarily disconnecting from the Internet. The hospital briefly lost access to patient records, the source said.
Oshawa remained in a Code Grey Saturday morning as IT experts continued to work on the problem with the aim of first fixing the computers in the ER and critical care departments. Connection to patient records had been restored but “performance was still not optimum,” the source explained.
“They have identified the deficiency in the system and are hopeful that this downtime will be over later in the day (Saturday),” he said, adding that patients and ambulances were never diverted.
A Lakeridge Health spokesperson Lloyd Rang said they “don’t know for certain yet” what enabled the attack because the focus has been “on fixing the immediate problem.”
“There will be a full review of the events leading up to the incident and if there are any issues that need to be addressed, we will do so in the fullness of time,” he said in an interview Saturday.
Friday’s global “ransomware” attack, unprecedented in scale, had technicians scrambling to restore Britain’s crippled hospital network and secure the computers that run factories, banks, government agencies and transport systems in many other nations.
The worldwide cyber-extortion attack was so unprecedented, in fact, that Microsoft quickly changed its policy, announcing security fixes available for free for the older Windows systems still used by millions of individuals and smaller businesses.
The cyber-attackers took over the computers, encrypted the information on them and then demanded payment of $300 or more from users to unlock the devices. As people fretted over whether to pay the digital ransom or lose data from their computers, experts said the attackers might pocket more than $1 billion worldwide before the deadline ran out to unlock the machines.
The malicious software behind the onslaught appears to exploit a vulnerability in Microsoft Windows that was supposedly identified by the U.S.-National Security Agency for its own intelligence-gathering purposes and later leaked online. Computers that had not been updated with the Microsoft patch were vulnerable to attack.
A representative from Public Safety Canada said the Canadian Cyber Incident Response Centre is aware of the reported attacks, but made no mention on whether any Canadian users were affected.
In a statement Saturday, the Ontario Medical Association said there were “no reports of any OMA members being affected” by what it called a “massive co-ordinated ransomware attack,” that appeared to have affected only one hospital in the province.