
eHealth ransomware ‘one of the largest privacy breaches’ in Saskatchewan history

Jan 8, 2021 | 10:34 AM

Saskatchewan’s privacy commissioner has confirmed that last year’s eHealth ransomware attack resulted in one of the biggest privacy breaches in the province’s history.

In a report issued Friday, Information and Privacy Commissioner Ron Kruzeniski outlined how it happened. On Dec. 20, 2019, a Saskatchewan Health Authority (SHA) employee opened an infected file from an email on their personal device. Because the device was connected to an SHA computer, the infected file was able to execute ransomware on the computer. A “multi-phase exploit” then took place for more than two weeks, affecting fileshares on a network that holds around 50 million files belonging to eHealth, the SHA and the Health Ministry. On Jan. 5, 2020, the attackers started making demands.

On Jan. 21, 2020, eHealth discovered that malicious users in Germany and the Netherlands had extracted about 40 gigabytes of encrypted data. Work done by eHealth eventually determined that more than 547,000 files containing personal information, personal health information, or both may have been accessed.

The report notes that the SHA employee and eHealth had three opportunities to detect the ransomware sooner. Kruzeniski found that eHealth should have more fully investigated two “early threat occurrences,” which could have prevented the data extraction, and that eHealth, the SHA and the Health Ministry all failed to notify residents quickly enough.

“eHealth is charged with collecting, storing and protecting the most sensitive health data in our province,” says Information and Privacy Commissioner Ron Kruzeniski. “Each of us has personal health information in eHealth’s systems. It is absolutely reasonable that each citizen demand the very highest level of security on our health information. To accept less is irresponsible.”

Kruzeniski made several recommendations to prevent a similar situation, including:

  • That eHealth undertake a comprehensive review of its security protocols to include an in-depth investigation when early signs of suspicious activity are detected;
  • That the SHA and Health take immediate steps to provide mass notification including media releases, newspaper notices, website notices and social media alerts;
  • That eHealth, the SHA and Health work together and provide identity theft protection, including credit monitoring, to affected individuals for a minimum of five years from the date an affected individual’s information is discovered on the dark web or to any concerned citizen who requests this protection;
  • That eHealth review whether it should have IT security staff in place 24 hours a day, seven days a week to actively monitor and investigate potential threats;
  • That all eHealth and eHealth partners be required to complete cyber security and privacy refresher training on an annual basis; and
  • That the Minister of Health immediately commence an independent governance, management and program review of eHealth based upon the concerns put forward by SaskTel, the Provincial Auditor and this Report.

In the immediate aftermath of the discovery of the ransomware last January, eHealth initially claimed no breach occurred; that claim was walked back a few weeks later. In anticipation of Kruzeniski’s report, the province admitted in a news release on Dec. 22, 2020 that it could not confirm that private information was accessed.
