While Newfoundland and Labrador continues to struggle with a cyberattack on its health-care systems, a cybersecurity expert and a politician from Ireland are sharing their experiences with a ransomware attack on their own public hospitals earlier this year.
Ossian Smyth, Ireland’s minister of state for e-government, told CBC News on Wednesday that when Ireland’s national health system was attacked by a criminal gang demanding $20 million in bitcoin, they acted quickly.
“Our response, right away, was to shut down every computer on our health-care system,” said Smyth. The Irish government also refused to pay the ransom, he said, which came with two big risks: that the hackers would erase the health records, or that they would release potentially sensitive information from the records online.
That largely didn’t happen; the gang provided the Irish government with the decryption key while still threatening to sell the data. Experts suggested that with the ransom demand being refused, the gang could have been trying to defuse the situation — or were planning to make good on the threat to publish. In the end, the information of 520 patients wound up online.
Simon Woodworth, program director of the University College of Cork’s master’s program in cyber risk for business, said while the government may have received the decryption key for free, rebuilding the public health system was still an expensive and lengthy process.
“It took about three months for a semblance of normality to return,” Woodworth said. He said although Irish health authorities were able to gain access to their system again, that system could no longer be trusted.
“There could still be land mines in there, if you like, left by the attackers for future attacks,” he said.
Woodworth said initial cost estimates to rebuild the system were about $144 million Cdn, but he said the cost will exceed that, and could be as much as $720 million.
Sources have told CBC News that Newfoundland and Labrador’s health-care systems are under a ransomware attack, but provincial officials have not confirmed that.
Woodworth said he doesn’t blame the government for being guarded with what’s going on because no one wants to speculate on the nature of a cyberattack until all the facts are available. But, he said, if Newfoundland and Labrador is experiencing a ransomware attack, the government needs to be more open about what its policy is.
“The policy should be we are not paying a ransom, nor will we deal with these criminals directly,” Woodworth said. While many private companies will pay a ransom, he said, it may not always be wise to do so.
“If you pay a ransom to these attackers, you are effectively supporting their business model. So you’re incentivizing them to do it again,” Woodworth said. “And you’re financing them to launch further attacks on other people.”
There’s also no guarantee the hackers will hold up their end of the deal. In May, the U.S.-based Colonial Pipeline Company was attacked and paid $4.4 million US to get the ransomware key, only to discover that the key worked so slowly that it was the company’s own backups that got its systems back online.
Smyth said his advice for Newfoundland and Labrador is to contact friendly governments that have much larger cybersecurity budgets.
“You can only solve this by co-operating with other larger military and intelligence people,” he said, adding the Irish government can use its own experience to help Newfoundland and Labrador’s government any way it can.