Funding for eHealth to shore up defences after ransomware attack

Saskatchewan is dedicating more dollars to shore up the health system’s defences five months after a winter cyber attack in which hackers made off with a score of encrypted files.

Read full article featuring iSecurity in Saskatoon StarPhoenix.

This year’s provincial budget includes an “unprecedented” $13.6 million in capital funding and $7.4 million in operational funding that eHealth says will help it continue to upgrade data storage and security features, including work on a disaster recovery plan, as recommended by the provincial auditor’s office in 2017.

“Longer term work on reorganizing and restructuring eHealth’s IT architecture in line with recommendations from Microsoft and SaskTel will continue in coming months,” eHealth spokesman Ian Hanna wrote in a prepared statement.

A prepared statement from Ministry of Health spokeswoman Colleen Book said the new funding is “not directly related to the malware incident” but will ensure “eHealth has capacity and funding in place to plan, mitigate and respond to risks and incidents in the future.”

The agency still doesn’t know what was stolen in the Dec. 20 ransomware attack on its system, it says, because hackers encrypted the files before sending them to suspicious European IP addresses.

Deputy health minister Max Hendricks said on Monday at a meeting of the government’s standing committee on human services that he could not reveal the information immediately, because those details could affect insurance claims and might be legally sensitive.

“You have to go through literally thousands of computers across the system and find out what activity has taken place,” Hendricks said.

The province’s privacy watchdog is investigating.

NDP Health critic Vicki Mowat said she’s concerned by the lack of communication.

“People want to know and deserve to know that their personal health information is protected. In this case, the government can’t guarantee that,” she said.

Raheel Qureshi, a partner at Toronto cybersecurity firm iSecurity, said attacks like this should be a “wake-up call” to health care systems, which are increasingly the target of such attacks.

While Qureshi is not working directly with eHealth, he said the five-month wait suggests that the agency is still analyzing the files, seeking outside help or hasn’t managed to determine what was lost.

In as many as 50 per cent of ransomware cases, the investigation is inconclusive — meaning it’s not clear exactly what was stolen, he said.

That can be a problem, since hackers regularly threaten to sell personal health data on the Internet’s black markets. While eHealth says it’s employed specialized firms to keep an eye on those forums, it can be hard to assess how much leverage the attacker has. eHealth says no ransom has been paid.

“It could be that they haven’t looked at the right sources, or the hackers are holding it close to their heart, or there’s nothing to look for,” Qureshi said.

Organizations like eHealth can build a better wall by investing in 24/7 security monitoring to catch threats early and hiring hackers for “exercises” to look for gaps, he said. They can also work on “segmenting” the system so that a hack in one part doesn’t spread as quickly, he added.

He says these measures cost money and demand work, but should not be optional.

“They have to implement some of these controls,” he said. “There’s no excuse for it. I don’t buy that anymore.”

By: Zak Vescera | @zakvescera