Newfoundland forced to revert to ‘paper-based system’ after possible cyber attack on health-care network

A catastrophic computer network failure that’s forced Newfoundland and Labrador’s health-care workers to revert to a “paper-based system” may be a sign of cyber attackers getting better at what they do.

Thousands of Newfoundlanders in need of non-emergency surgeries, cancer treatment and diagnostic imaging have had their appointments cancelled after an IT failure that was reported over the weekend.

While emergency care continues, doctors and nurses have had to resort to pen and paper for many of the administrative tasks that would ordinarily by accomplished by their computer networks.

“We know only what we know, which is that we have a possible cyber attack. It has taken out the brain of the data centre,” said Health Minister John Haggie, during a news conference Monday.

“Our main aim here, between the department and the health authorities, is to mitigate the effect and maintain some continuity of service for the people of this province who need treatment for which they cannot wait.”

The possible cyber attack comes on the heels of two incidents last week — a ransomware attack on the TTC, which shut down vital communications systems, and a reported attack on the city of Clarence-Rockland, Ont., after which the city shut down its email service as a precaution. And in early 2020, a ransomware virus started to encrypt data on the P.E.I. government network before IT staff there were able to contain it.

One cyber-security company says that the frequency of such attacks has not necessarily increased over the past several months, but that the skill of the attackers has been growing, to the point that they are pursuing bigger — and more lucrative — targets.

Last year, there were more than 4,200 cyber attacks in Canada, says Brett Callow, a threat analyst with Emsisoft. The cyber-security firm has particular expertise in ransomware — those cyber attacks in which the perpetrators threaten to delete or encrypt an organization’s data unless they’re paid off.

Most of those attacks were directed at small businesses, which meant the incidents didn’t draw as much media attention and often stayed under the radar. Still, those attacks cost Canadian businesses an estimated $659…