Incident Response, Malware, Network Security, TDR, Threat Management

Canadian hospital infected with ransomware

A hospital in Canada is the latest victim in a rash of cyber-attacks on hospitals. The Ottawa Hospital in Canada's southeastern region of Ontario was hit with ransomware on several of its computers recently.

The hospital released a statement, saying that no patient data was accessed and that “we are confident we have appropriate safeguards in place to protect patient information and [we] continue to look for ways to increase security”.

According to Kate Eggins, a spokesperson for the hospital, no ransom was paid. Furthermore, the four computers that were infected were quickly wiped. Eggins added, “The Ottawa Hospital has an enterprise backup system and backs up all systems and data in accordance to defined business requirements. Recovering from a malware incident is one such requirement.”

Anti-virus vendor McAfee and the Canadian Cyber Incident Response Centre have identified the ransomware in question as being a WinPLock variant.

That said, the hospital has nearly 10,000 computers and the ransomware only affected four. The hospital was lucky, others have not been as fortunate.

In recent months, several hospitals on both sides of the Atlantic have been hit with a series of attacks. Last week attackers made off with a trove of treatment information and profoundly personal details from a series of cancer treatment centres in the US.

The first attack to really grab headlines was the attack on Hollywood Presbyterian Medical Centre, which shut down day-to-day operations for several days and ended in a payment of $17,000 (£12,000). A post on Pastebin, a website for sharing developer code, later claimed that Turkish hackers had perpetrated the attack on account of US support for Kurdish forces fighting in northern Iraq.

At the same time a ransomware attack hit several hospitals in Germany, shutting down email and one of the hospital's' X-ray systems. In most cases, the ransomware only gets so far within the hospital's servers before the IT team wipes the servers of the infection and backs up. What keeps the IT teams of hospitals up at night, though, is the prospect of it spreading further through the hospital's systems.  

But the theft of data is not the only thing that people are worried about. New research released several weeks ago, showed the cyber-security of hospitals in a poor light. Carried out by Independent Security Evaluators(ISE), the report found that even though hospitals put a premium on protecting patient data, however successfully, they were poorly prepared for advanced threats.  

The research notes, “The efforts that do aim to protect patient health do not address intelligent cyber-threats. Defending patient health and patient records is not one-in-the-same, and placing the focus on records harshly ignores the patient health aspect. So long as this is the mission of the industry, it is unlikely that patients' health will be adequately protected in the healthcare ecosystem.”

Ted Harrington, executive partner at ISE, later spoke to SC, saying, “Our research found an industry ill prepared to address the security crisis in which it finds itself, with insufficient funding, insufficient talent, insufficient training, lack of network awareness, heavy reliance on tools and on compliance, and many more business shortcomings.” 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.