According to the Canadian Centre for Cyber Security, there’s been an increase in cyber threats related to the COVID-19 pandemic. A portion of that has been against the country’s front-line health-care and medical research facilities.
In June, a ransomware attack forced Toronto’s Humber River Hospital to declare a code grey, meaning loss of essential services. More recently, a cyberattack on Newfoundland and Labrador’s health network data centre resulted in the cancellation of thousands of medical appointments.
Last week, Headwaters Health Care Centre in Orangeville, Ont., announced its systems had “been subjected to unauthorized access.” The hospital has since begun working with cyber security experts to help safely restore IT services and launch an investigation into what happened, and whether sensitive data was compromised.
“We have never seen this swell of attacks across all sectors, but acutely targeting areas that we feel it the most and causes the most pain, and health care being top of that list,” said David Shipley, CEO of Beauceron Security.
While not all of the attacks have been classified as ransomware, the 2018 National Cyber Threat Assessment (NCTA) identified ransomware as the most common form of malware used for extortion against Canadians.
According to NCTA 2020, cybercriminals have more recently been engaging in big game hunting, homing in on “large enterprises that will not tolerate sustained disruptions to their networks,” and are willing to pay bigger ransoms to restore operations swiftly.
The report also points to researchers estimating that the average ransom demand increased by 33 per cent since Q4 2019 to nearly $150,000 in Q1 2020.
On the higher end, Shipley said some entities are seeking out millions of dollars.
“I can’t put it any more simply than this: imagine your chemo treatment for your cancer is cancelled because the hospital can’t deliver it, doesn’t even have access to what chemo drugs you were on.”
“This is classic organized crime in 21st century form, and it uses technologies that we use for good every day — encryption — which are the things that we rely on to do our banking securely, to hurt us.”
The money being sought is often transferred as cryptocurrency. Security expert Christian Leuprecht says that, although not impossible to trace, such payments are more challenging to follow.
“In a ransomware attack, people breach your network in order to compromise your data. Usually that means taking your data hostage, essentially encrypting your data, and then telling you if you provide a certain amount of money, then we will send you a key to decrypt your data,” he explained.
Leuprecht says the anonymity of cryptocurrency is a major driver of ransomware, and the people responsible tend to be located outside of jurisdictions where Canadian officials can investigate and prosecute.
South of the border, Colonial Pipeline — which found itself the victim of a Russian-based hacker group — paid out $4.3 million. The Justice Department was able to recover the majority of it.
Leuprecht considers the move a shot across the bow.
“If you go after U.S. critical infrastructure, you might get paid, but we’re going to be able to repatriate most of that money, so it’s not going to be worth your while,” he said.
In July, the Canadian government joined allies in blaming China for a massive hack on Microsoft Exchange servers.
The attack put several thousand Canadian entities at risk. Worldwide, around 400,000 servers were affected.