Reeling from Ransomware Attack, eHealth Saskatchewan Says Restructuring IT Infrastructure

eHealth Saskatchewan | June 12, 2020

  • Five months after a ransomware attack locked the computer systems storing eHealth Saskatchewan says it’s going to take a while to restructure its IT infrastructure.

  • It wasn��t long after the agency’s IT team discovered files from some of its servers had been sent to suspicious IP addresses.

  • Additional steps taken to protect its computer systems better since the initial attack include updating password protocols, updated protection software.


Five months after a ransomware attack locked the computer systems storing confidential medical data of Saskatchewan residents, eHealth Saskatchewan says it’s going to take a while to restructure its IT infrastructure, and that it’s still unsure who stole the data or where it is. The health agency’s chief executive officer Jim Hornell confirmed in February that the virus first entered the eHealth system on December 20, 2019. Employees didn’t discover there was a problem until they tried to open files on Jan. 6 and were asked to hand over bitcoin in exchange for the encrypted data.


As we outlined publicly in early February, eHealth discovered some files were sent to IP addresses outside of eHealth’s environment. Those files were encrypted and password protected by the attacker. This makes it difficult to determine the exact content of those files,” wrote Ian Hanna, director of communications for eHealth Saskatchewan in an email to IT Word. “Longer-term work on re-organizing and restructuring eHealth’s IT architecture will continue for several more months.



Read more: COMPARING SIX LEADING CONVERGED INFRASTRUCTURE VENDORS' PRODUCT

eHealth Saskatchewan in an email to IT Word. “Longer-term work on re-organizing and restructuring eHealth’s IT architecture will continue for several more months.

~ Ian Hanna, director communications eHealth Saskatchewan


Law enforcement and privacy officials have been kept up-to-date on the forensic investigation, wrote Hanna. He also confirmed that eHealth had hired outside help to determine if any files were illegally sold. As of now, no trace of such activity has been found. The agency’s website says, should it be determined that personal health information has left the organization, the public will be advised.


Additional steps taken to protect its computer systems better since the initial attack include updating password protocols, updated protection software the introduction of multi-factor authentication for crucial systems, added Hanna. There was a total lack of visibility of the health agency’s computer network, according to David Masson, director of enterprise security at Darktrace. Unfortunately, it’s a common problem with many companies, he said.


It’s too late to really do much once you discover there’s a problem because by then, the damage is done, One of the other disturbing details of the attack against eHealth Saskatchewan.


With eHealth, there was never any ransom paid, but we’ve seen that the data has left [the data centre] and turned up in various other places,” said Masson. When it comes to action items on the part of residents whose data might be compromised, Masson suggested additional vigilance. Be wary of strange emails, text messages and phone calls. And it doesn’t hurt to check bank statements every once in a while, he added.


One of the other disturbing details of the attack against eHealth Saskatchewan is how files from some of its servers had been sent to suspicious IP addresses, he indicated. This could reflect a more sophisticated ransomware attack akin to the one that crushed an agricultural services company earlier in June. In that case, a website called “Happy Blog” run by threat group dubbed REvil auctioned off data it says was stolen from a London, Ont., company that offers crop advisory and protection services. The auction notice said the data available included accounting documents and customer accounts for the last three months.


Read more: HELIX TECHNOLOGIES BREAKS GROUND IN DATA ANALYTICS FOR CANNABIS PRODUCTION, UNVEILS BI TOOL

Spotlight

IBM Cloud Pak for Data is an integrated data and AI platform that explains, validates, monitors and mitigates bias in AI models as part of the end-to-end AI lifecycle. IBM commissioned Forrester Consulting to examine the projected return on investment for enterprises that deploy explainable AI and model monitoring through the pl

Spotlight

IBM Cloud Pak for Data is an integrated data and AI platform that explains, validates, monitors and mitigates bias in AI models as part of the end-to-end AI lifecycle. IBM commissioned Forrester Consulting to examine the projected return on investment for enterprises that deploy explainable AI and model monitoring through the pl

Related News

Hyper-Converged Infrastructure, Data Storage

JupiterOne Expands Platform with Integrations for Hybrid Infrastructure and AI-Driven Usability Improvements

prnewswire | July 31, 2023

JupiterOne the industry's leading cyber asset analysis company, today announced a platform expansion focused on expanding customer capabilities by managing on-premises assets and making it easier for teams outside of security to utilize and benefit from the platform. With the market settling into hybrid infrastructure as the norm and an increasing interest in asset visibility and analysis by product and operations teams, JupiterOne has delivered a trio of features to support these emergent use cases. The J1 On-Premises Collector, Unified Device Matrix dashboard and an AI-powered natural language search bring the power of the JupiterOne platform to new environments and organizations. The J1 On-Premises Collectorextends JupiterOne's reach into privately managed environments, allowing asset data from both on-premises environments and private clouds to be easily ingested and analyzed. This will allow customers to expand the scope of assets and infrastructure they are able to manage in JupiterOne, providing them with the tools necessary to protect all their assets within one unified solution. TheAI-powered natural language searchmakes getting answers from JupiterOne much more approachable for all teams. Users can ask a question like "Show me all laptops without anti-virus software installed" and the AI translates that into a specific J1 query on the fly. This enables teams to benefit from the asset insights generated by JupiterOne without having to become a JupiterOne power user. AI is also used to provide remediation guidance for compliance and security violations found in JupiterOne, based on best practices and the organization's infrastructure. Unified Device Matrixprovides users with an easy to use, all-in-one device management dashboard. Device management solutions are often rife with errors and duplicated instances being reported by a multitude of asset data sources. Device View solves these technical challenges to provide a clean and trustworthy view into an organization's devices and proceeds to layer on additional integrations that enable critical device management use cases, such as endpoint detection and response (EDR) agents, anti-virus software and device management agents. "By making JupiterOne easier to use and extending beyond cloud infrastructure, we are supporting security-by-design programs," saysJeff Whalen, JupiterOne's Senior Director of Product Marketing. "With security-by-design, it's vital that all teams, not just security, have easy access to the data they need to be accountable for their security responsibilities. The introduction of our AI-backed usability enhancements and the new Unified Device Matrix dashboard provides that easy access and the J1 On-Premises Connector provides the breadth of asset data across hybrid infrastructure." The continued evolution of market trends has reinforced the importance of comprehensive asset analysis and the ability to provide security for a wider range of devices. These new product enhancements infuse intelligence into asset management responsibilities, elevating them to asset analysis, which provides critical insights about an organization's entire attack surface. "These expansions to JupiterOne's asset management capabilities are critical as we continue to work toward our mission to decentralize and democratize security," saidErkang Zheng, founder and CEO of JupiterOne. "As the traditional CISO role continues to evolve and we move toward the future of cybersecurity, it is important to ensure that organizations have a complete visibility into their assets, regardless of whether those assets are cloud-based or on-premises, and no matter the technological skillset of the teams which need to know that information." About JupiterOne JupiterOne is a leading cybersecurity company specializing in cyber asset and attack surface management. Customers use the JupiterOne platform to connect the dots between all assets, people, and risks, providing deep context and insight into their expanding technology footprint. With unified cyber insights and one centralized view across hybrid and multi-cloud environments, security teams can make better data-driven decisions with confidence and address critical business challenges such as Cyber Asset Attack Surface Management (CAASM), Continuous Compliance, Cloud Security Posture Management (CSPM), and Vulnerability Prioritization. JupiterOne helps teams discover assets, map relationships, and triage risks to reduce their attack surface.

Read More

Application Infrastructure, Windows Server OS

Openreach expands Optical Spectrum Access solution with 100G service powered by Adtran

Adtran | August 04, 2023

Adtran today announced that Openreach, the UK’s largest wholesale broadband network, has deployed its FSP 3000 open optical transport technology to enable its new Optical Spectrum Access 100G Single enterprise service. Openreach’s new product offers a dedicated fiber link that empowers more UK businesses to harness point-to-point 100Gbit/s data transport. The solution also brings efficiency benefits that reduce capital and operational expenditure. The latest collaboration builds on more than a decade of successful partnership between Adtran and Openreach. “Corporate cloud applications and other data-intensive tasks such as data centre backhaul are fueling a growing demand for bandwidth. Adtran’s scalable optical technology enables us to offer a managed, high-speed service that satisfies that demand at a highly competitive price point,” said Simon Williams, head of optical products at Openreach. “With no filters or amplifiers required, our Optical Spectrum Access 100G Single service offers secure and always-on optical services that can transport enormous amounts of data. We’re also making dedicated, uncomplicated and customizable access available in a slimmed-down package that’s even easier to manage.” Openreach’s Optical Spectrum Access 100G Single offers a choice of point-to-point Ethernet links at 100Gbit/s or 10 separate channels at 10Gbit/s. Built on Adtran’s scalable, open FSP 3000 optical transport technology, the service empowers Openreach to meet the growing demand for data-intensive cloud-based applications. Engineered for operational simplicity, Adtran’s compact and highly efficient FSP 3000 platform offers a dedicated fiber link ensuring low latency, consistent service quality and unparalleled network reliability for Openreach’s customers. “Our FSP 3000 technology gives Openreach a powerful optical transport solution that efficiently delivers high-bandwidth services for enterprise customers. Using the Optical Spectrum Access 100G Single service, businesses can now smoothly manage substantial data transfers, even during peak operational hours,” commented Stuart Broome, GM of EMEA sales at Adtran. “We have a great track record of partnering with Openreach to advance digital transformation across the UK. It’s a relationship based on trust and a shared dedication to deliver for customers. Together, we’re providing extra capacity and value for more businesses.” About Adtran ADTRAN Holdings, Inc. (NASDAQ: ADTN and FSE: QH9) is the parent company of Adtran, Inc., a leading global provider of open, disaggregated networking and communications solutions that enable voice, data, video and internet communications across any network infrastructure. From the cloud edge to the subscriber edge, Adtran empowers communications service providers around the world to manage and scale services that connect people, places and things. Adtran solutions are used by service providers, private enterprises, government organizations and millions of individual users worldwide. ADTRAN Holdings, Inc. is also the largest shareholder of Adtran Networks SE, formerly ADVA Optical Networking SE.

Read More

Application Infrastructure, Storage Management

Casepoint Announces Launch of DataSite, New Cloud-Based Data Storage Solution

prnewswire | August 22, 2023

Casepoint — the industry leader in legal discovery technology for litigation, investigations, and compliance — today announced the official launch of DataSite, a cloud-based data storage and staging solution. DataSite enables corporations, law firms, and government agencies to move data seamlessly between the Casepoint Platform and DataSite, forming a secure, scalable, and cost-effective alternative to on-premises data storage solutions. Within DataSite, users can upload and download large amounts of structured and unstructured data in its native format, organize and stage that data, conduct searches, and even store, preserve, and manage "golden copies" of data. Users can easily store data they might need in the future but do not necessarily need to access regularly. When litigation, investigations, or regulatory response needs arise, they can move that data back to the Casepoint Platform at the touch of a button. DataSite also features flexible scalability, meaning users only pay for additional storage if they need it. Whereas, on-premises data storage systems such as server farms typically have predetermined limits on storage capacity but often charge users for full capacity, regardless of their actual needs. "Data proliferation isn't going anywhere, so it's critical for organizations of all types to have scalable solutions," said Vishal Rajpara, Chief Technology Officer at Casepoint. "As more organizations move to the cloud, they need a secure environment in which to stage and store data on their network that allows them to scale up or down according to their particular needs. DataSite is the next phase in the evolution of delivering a comprehensive cloud-based solution to our clients." Another benefit of the DataSite is that it enables faster data transfers to the Casepoint Platform since the data already exists within the Casepoint ecosystem — further reducing time and ultimately costs to the organization. Since the data never leaves that ecosystem, it is also more secure for the client. "For security purposes, DataSite brings all of that data under the umbrella of Casepoint's rigorous security program and protocols so everything is protected between the data source and the Casepoint Platform," said Amit Dungarani, Vice President of Partnership and Strategic Initiatives at Casepoint. "We can document a full record of our clients' data and expand on the concept of matter management like never before. This is a game-changer." About Casepoint Casepoint is the legal technology platform of choice for corporations, government agencies, and law firms to meet their complex eDiscovery, investigations, and compliance needs. Powered by cutting-edge AI and advanced analytics, Casepoint helps teams cut through large volumes of data to quickly identify insightful and actionable information. Casepoint's secure and scalable cloud-based platform is designed to help organizations take control of their data and processes to maximize efficiency, mitigate risk, and lower overall legal spend. Casepoint's easy-to-use and intuitive interface provides legal hold, cloud collections, powerful data processing, advanced analytics, artificial intelligence, review, and production.

Read More