Five months after a ransomware attack locked the computer systems storing eHealth Saskatchewan says it’s going to take a while to restructure its IT infrastructure.
It wasn��t long after the agency’s IT team discovered files from some of its servers had been sent to suspicious IP addresses.
Additional steps taken to protect its computer systems better since the initial attack include updating password protocols, updated protection software.
Five months after a ransomware attack locked the computer systems storing confidential medical data of Saskatchewan residents, eHealth Saskatchewan says it’s going to take a while to restructure its IT infrastructure, and that it’s still unsure who stole the data or where it is. The health agency’s chief executive officer Jim Hornell confirmed in February that the virus first entered the eHealth system on December 20, 2019. Employees didn’t discover there was a problem until they tried to open files on Jan. 6 and were asked to hand over bitcoin in exchange for the encrypted data.
As we outlined publicly in early February, eHealth discovered some files were sent to IP addresses outside of eHealth’s environment. Those files were encrypted and password protected by the attacker. This makes it difficult to determine the exact content of those files,” wrote Ian Hanna, director of communications for eHealth Saskatchewan in an email to IT Word. “Longer-term work on re-organizing and restructuring eHealth’s IT architecture will continue for several more months.
Read more: COMPARING SIX LEADING CONVERGED INFRASTRUCTURE VENDORS' PRODUCT
eHealth Saskatchewan in an email to IT Word. “Longer-term work on re-organizing and restructuring eHealth’s IT architecture will continue for several more months.
~ Ian Hanna, director communications eHealth Saskatchewan
Law enforcement and privacy officials have been kept up-to-date on the forensic investigation, wrote Hanna. He also confirmed that eHealth had hired outside help to determine if any files were illegally sold. As of now, no trace of such activity has been found. The agency’s website says, should it be determined that personal health information has left the organization, the public will be advised.
Additional steps taken to protect its computer systems better since the initial attack include updating password protocols, updated protection software the introduction of multi-factor authentication for crucial systems, added Hanna. There was a total lack of visibility of the health agency’s computer network, according to David Masson, director of enterprise security at Darktrace. Unfortunately, it’s a common problem with many companies, he said.
It’s too late to really do much once you discover there’s a problem because by then, the damage is done, One of the other disturbing details of the attack against eHealth Saskatchewan.
With eHealth, there was never any ransom paid, but we’ve seen that the data has left [the data centre] and turned up in various other places,” said Masson. When it comes to action items on the part of residents whose data might be compromised, Masson suggested additional vigilance. Be wary of strange emails, text messages and phone calls. And it doesn’t hurt to check bank statements every once in a while, he added.
One of the other disturbing details of the attack against eHealth Saskatchewan is how files from some of its servers had been sent to suspicious IP addresses, he indicated. This could reflect a more sophisticated ransomware attack akin to the one that crushed an agricultural services company earlier in June. In that case, a website called “Happy Blog” run by threat group dubbed REvil auctioned off data it says was stolen from a London, Ont., company that offers crop advisory and protection services. The auction notice said the data available included accounting documents and customer accounts for the last three months.
Read more: HELIX TECHNOLOGIES BREAKS GROUND IN DATA ANALYTICS FOR CANNABIS PRODUCTION, UNVEILS BI TOOL