MOH, OPP assisting in investigation of suspected ransomware attack at Kingston hospital

Hotel Dieu Hospital, a Kingston Health Sciences Centre (KHSC) site. Photo by Lucas Mulder.

A number of government agencies are assisting in the investigation into a suspected ransomware attack at Kingston Health Sciences Centre, according to the Ministry of Health.

“The Ministry of Health is aware of a potential REvil Ransomware incident at Kingston Health Science Centre. Kingston Health Science Centre is continuing to investigate their systems for signs of REvil ransomware and have brought in a third party to assist with the investigation. No compromised systems have been identified at this time and the investigation remains ongoing,” said Miriam Mohamadi, a spokesperson for the Ministry of Health.

“The Ministry of Health, Ministry of Government and Consumer Services Cyber Security Centre of Excellence, and Ontario Health are monitoring and taking the necessary steps to ensure assets and information are protected.”

The Ontario Provincial Police (OPP) have also been made aware of this issue and are actively investigating, Mohamadi said.

When approached with a number of questions regarding the matter, KHSC did not share many details.

“We have provided the information about the incident at KHSC,” a spokesperson for KHSC said on a phone call in the late afternoon of Friday, Nov. 6, 2020. “We have appropriate protocols in place to safeguard data and ensure ongoing resiliency of our systems.”

For further insight on what REvil Ransomware is and how it works, Kingstonist spoke with David Skillicorn, a Professor at Queen’s University’s School of Computing and Adjunct Professor in the Mathematics and Computer Science department of the Royal Military College. Skillicorn noted that KHSC’s website is up and running again, which poses the question: Did they restore their system while investigating the matter, or do they know what happened?

“Maybe they were just really good at their backups and they got everything back up and running fairly quickly, which is good to see if it’s true,” Skillicorn said.

“Part of the puzzle is: how do they know that they were actually hit unless something was actually taken out.”

Skillicorn described the REvil Ransomware, which is possibly…