The recent discovery came to light during the organization’s forensic analysis.
“There were some files that did leave our organization and went to some suspicious IP addresses in Europe,” said Jim Hornell, CEO of eHealth.
The files are locked by the attacker, making it difficult for eHealth to determine what’s on them.
“At this point, we have no indication whatsoever that there was any personal health information of people on those files,” Hornell said. “But we can’t say with 100 per cent certainty.”
The files were stolen from a server that does not store any personal health information of patients said Hornell. However, this still needs to be verified through a more thorough investigation.
eHealth is looking to crack the password to see the locked files. They also hired a third-party expert to search the internet to see if the files are being sold.
“We have yet to receive a ransom which is a good sign really that this has been thwarted, but I’d be remised not to alert people circumstances have changed,” Hornell said.
The government agency fell victim to the ransomware attack on Jan. 5 when a message popped up on their system asking for a bitcoin payment. eHealth did not pay the attackers and were able to restore their files through back-ups.
MySaskHealthRecords are stored on a cloud-based service through a noted national telecom organization and was not impacted by the ransomware, Hornell said.
Although eHealth knows how the attack happened, they won’t disclose the cause at this time.
“It was within our system,” Hornell said.
eHealth provides services to over 50,000 employees in the health system in Saskatchewan. They have over 27,000 desktops and another 7,000 virtual units. They also partner with numerous agencies like the Saskatchewan Health Authority and the Saskatchewan Cancer Agency.
“We’ve been advising people ‘don’t go to websites, don’t open emails’. I mean at any given day with any healthcare organization there are hundreds of thousands of attempts to crack into our systems,” Hornell said. “This particular virus seems to focus on health organizations, financial industry and media.”
Hornell said their investigation has “cost significant dollars” but wouldn’t disclose how much.
“Let’s face it — this is some of the most vital assets of the province of Saskatchewan and we take protecting it very seriously. We want to make sure we do everything we can,” Hornell said.
Should it come to light that personal information was taken, eHealth said they will notify people immediately along with Saskatchewan’s Information and Privacy Commissioner.