An unauthorized third party gained access to the public healthcare system in the Canadian province of Newfoundland and Labrador (N.L.) in a cyberattack.
The attack was discovered on Saturday, October 30 and was not officially confirmed until last week by N.L. Health Minister John Haggie. The cyberattack targeted the province's healthcare system, delaying all non-essential appointments until further notice.
Haggie detailed the measures the province has instituted since the attack in a press conference, saying that N.L. has engaged cybersecurity experts to resolve the issue and has "informed the appropriate authorities." The health minister did not confirm other details of the attack, citing the possibility that the cyberattackers could be monitoring press.
The investigation into the source of and damages caused by the cyberattack is ongoing.
One of the largest health systems in N.L., Eastern Health, has been operating with a largely paper-based system since October 30. The hospital system has drastically reduced their services since the attack was first discovered over a week ago.
The cyberattack, manifesting in an IT system outage, has caused the cancellation of all non-urgent imaging and blood collection appointments, as well as a reduction in the amount of chemotherapy sessions performed in the hospital system. Eastern Health resumed radiation therapy appointments for cancer patients on November 6, one week after the attack was detected.
The cyberattack also complicated the province's COVID-19 response. An outbreak in Marystown and surrounding areas had caused the government to advise residents of the Burin Peninsula to get tested for the virus, but many of those appointments were cancelled. In response to the attack, the hospital system listed phone numbers for residents to reschedule a test and created a temporary help line for critical health situations.
Affecting the scheduling, communications and payment systems of Eastern Health, the cyberattack appears to be widespread. The hospital system has begun to receive external email again, but some phone lines are still affected. Eastern Health reported that their payment systems to suppliers and vendors were also targeted by the attack.