Reeling from Ransomware Attack, eHealth Saskatchewan Says Restructuring IT Infrastructure

  • Five months after a ransomware attack locked the computer systems storing eHealth Saskatchewan says it’s going to take a while to restructure its IT infrastructure.

  • It wasn��t long after the agency’s IT team discovered files from some of its servers had been sent to suspicious IP addresses.

  • Additional steps taken to protect its computer systems better since the initial attack include updating password protocols, updated protection software.


Five months after a ransomware attack locked the computer systems storing confidential medical data of Saskatchewan residents, eHealth Saskatchewan says it’s going to take a while to restructure its IT infrastructure, and that it’s still unsure who stole the data or where it is. The health agency’s chief executive officer Jim Hornell confirmed in February that the virus first entered the eHealth system on December 20, 2019. Employees didn’t discover there was a problem until they tried to open files on Jan. 6 and were asked to hand over bitcoin in exchange for the encrypted data.


As we outlined publicly in early February, eHealth discovered some files were sent to IP addresses outside of eHealth’s environment. Those files were encrypted and password protected by the attacker. This makes it difficult to determine the exact content of those files,” wrote Ian Hanna, director of communications for eHealth Saskatchewan in an email to IT Word. “Longer-term work on re-organizing and restructuring eHealth’s IT architecture will continue for several more months.



Read more: COMPARING SIX LEADING CONVERGED INFRASTRUCTURE VENDORS' PRODUCT

eHealth Saskatchewan in an email to IT Word. “Longer-term work on re-organizing and restructuring eHealth’s IT architecture will continue for several more months.

~ Ian Hanna, director communications eHealth Saskatchewan


Law enforcement and privacy officials have been kept up-to-date on the forensic investigation, wrote Hanna. He also confirmed that eHealth had hired outside help to determine if any files were illegally sold. As of now, no trace of such activity has been found. The agency’s website says, should it be determined that personal health information has left the organization, the public will be advised.


Additional steps taken to protect its computer systems better since the initial attack include updating password protocols, updated protection software the introduction of multi-factor authentication for crucial systems, added Hanna. There was a total lack of visibility of the health agency’s computer network, according to David Masson, director of enterprise security at Darktrace. Unfortunately, it’s a common problem with many companies, he said.


It’s too late to really do much once you discover there’s a problem because by then, the damage is done, One of the other disturbing details of the attack against eHealth Saskatchewan.


With eHealth, there was never any ransom paid, but we’ve seen that the data has left [the data centre] and turned up in various other places,” said Masson. When it comes to action items on the part of residents whose data might be compromised, Masson suggested additional vigilance. Be wary of strange emails, text messages and phone calls. And it doesn’t hurt to check bank statements every once in a while, he added.


One of the other disturbing details of the attack against eHealth Saskatchewan is how files from some of its servers had been sent to suspicious IP addresses, he indicated. This could reflect a more sophisticated ransomware attack akin to the one that crushed an agricultural services company earlier in June. In that case, a website called “Happy Blog” run by threat group dubbed REvil auctioned off data it says was stolen from a London, Ont., company that offers crop advisory and protection services. The auction notice said the data available included accounting documents and customer accounts for the last three months.


Read more: HELIX TECHNOLOGIES BREAKS GROUND IN DATA ANALYTICS FOR CANNABIS PRODUCTION, UNVEILS BI TOOL

Spotlight

2023년 데이터 AI 트렌드 보고서를 통해 Google Cloud의 인사이트와 IDC 연구 결과 내용 중 선도 기업이 최신 정보와 경쟁력을 유지하기 위해 활용하고 있는 데이터 AI의 5가지 주요 트렌드에 대해 알아보세요. Data Cloud가 지향하는 방향과 그 이유 최신 데이터 생태계가 설계되는 방식 AI가 오늘날의 데이터 전략에 적합한 경우 비즈니스 인텔리전스(BI) 투자로 더 나은 결과를 얻기 위해 필요한 것 오늘날 가장 큰 도전과제인 데이터 보안 문제와 기업이 이를 해결하는 방법


Other News

Dom Nicastro | April 03, 2020

Read More

Dom Nicastro | April 03, 2020

Read More

Dom Nicastro | April 03, 2020

Read More

Dom Nicastro | April 03, 2020

Read More

Spotlight

2023년 데이터 AI 트렌드 보고서를 통해 Google Cloud의 인사이트와 IDC 연구 결과 내용 중 선도 기업이 최신 정보와 경쟁력을 유지하기 위해 활용하고 있는 데이터 AI의 5가지 주요 트렌드에 대해 알아보세요. Data Cloud가 지향하는 방향과 그 이유 최신 데이터 생태계가 설계되는 방식 AI가 오늘날의 데이터 전략에 적합한 경우 비즈니스 인텔리전스(BI) 투자로 더 나은 결과를 얻기 위해 필요한 것 오늘날 가장 큰 도전과제인 데이터 보안 문제와 기업이 이를 해결하는 방법

Resources