Humber River restores computers after malware attack

TORONTO – Humber River Hospital is continuing to work through the shutdown of its computer systems in response to an extensive malware attack last week. The hospital had deactivated all of its computers as a safety precaution against the attack, which was a form of ransomware. Because the organization caught the malware early, it believes that it avoided the loss of data and has not received demands for a ransom.

Humber River Hospital declared a Code Grey – a loss of essential services – after identifying the malware attack; it is now engaging in a process of methodically bringing its systems back online. This work has to be done carefully to ensure there is no further corruption, the organization said.

Speaking to journalist Evan Solomon on CFRA Radio, in Ottawa, Humber River Hospital’s CEO Barb Collins (pictured) noted the timing of the attack has made things especially difficult, coming as it did during the COVID pandemic.

“We’re calling it a virus on top of a virus,” she said.

She explained that services at the hospital are all continuing, but in a slower form, as they are all being conducted on paper while the computers are checked and gradually brought back online.

“We’re rebuilding 5,000 computers and servers while we’re also trying to vaccinate [for COVID], care for patients, do additional surgeries – it’s particularly difficult.”

Ms. Collins said that Humber River Hospital is constantly updating its computer virus detection systems and had just applied a new patch 12 hours before being hit by the malware. “It’s known as zero-day ransomware, it’s a new variant, and it wasn’t recognized by the patch we did just 12 hours earlier.”

Luckily, a team at Humber River noticed some unusual activity very quickly – at 2 am the day it struck – and immediately shut down all of the systems.

Unfortunately, that meant no email, no electronic medical records, and various procedures like lab reports and medication ordering had to revert to paper.

As Evan Solomon said, “There must be a special place in hell for a cyber-attacker who attacks a hospital, and an even hotter temperature for someone who does it during a pandemic.”

Meanwhile, at the hospital, “stickers are being placed on all computers to let people know if the computer is clean or corrupt. We will provide further guidance in the next few days on when computers are ready to be used,” a posting on the Humber River Hospital website said.

Early this week, Humber River had activated some of its business systems to ensure continuity of business processes such as payroll, pension, stipends, etc. It has pulled in additional IT resources from partner hospitals that have gone through similar viruses to gain expertise and help.

“It’s slow and tedious work,” said Collins. “You have to go device by device, system by system.”

You can’t just turn everything back on, she said, as it’s possible to spread the virus that way.

There will be an investigation to determine who sent the ransomware, but it may be impossible to find the perpetrators.

Other hospitals have experienced similar attacks. Collins said that in 2019, three Ontario hospitals experienced a ransomware attack, and that several sites in the United States are currently dealing with cyber-attacks.

“It’s not as unusual as you might think,” she said.