British Columbia's premier has revealed that a cyberattack on health officials was another ransomware incident, but experts say it appears to be the work of a different criminal group than those behind two other recent attacks.
The First Nations Health Authority, which provides services and health care to Indigenous people in the province, announced a “cybersecurity incident” on Wednesday but provided few details.
Asked about the incident during an unrelated news conference Thursday, David Eby told reporters that cyber threats are growing and that “well-known retailers like London Drugs have been victims of ransomware and now the First Nations Health Service has been hit.”
The amount of data stolen by cybercriminals and now being used to blackmail officials is substantial, and samples have already been posted on the dark web. They include documents showing senior FNHA officials signing seven-figure contracts with health care providers, legal agreements with First Nations governments, and emails between health care providers and patients.
Are other health authorities also affected?
One of those emails concerns Northern Health Authority staff, so CTV News asked the health minister which other health authorities may be at risk. The FNHA has only a handful of facilities, and patients often receive care through the five regional health authorities: Island Health Authority, Vancouver Coastal Health Authority, Fraser Health Authority, Interior Health Authority and Northern Health Authority.
“There is absolutely no evidence that health officials have been affected in any way by the First Nations Health Service breach,” said Adrian Dix, who appears not to have been aware of the data packages posted to the dark web. “They are taking this very seriously and are putting all the support they need into ensuring the best possible protection of both the data and the people.”
What makes this hack different?
CTV News spoke to several cybersecurity experts about this latest hack. One pointed to sloppy coding on the contact page of the FNHA website, while another said the hackers appear to be a different group from the one behind the London Drugs ransomware attack, as the information was posted by a different group.
“The blueprint for how these attacks unfold is very similar to what happened with London Drugs,” explains Chester Wisniewski, a security analyst at Sophos. “There's almost a manual that tells hackers how to carry out these attacks: they start with HR information, then they target finance, then they target legal, then they go through people's inboxes looking for words like 'password.'”
Eby stressed that the attack on state systems earlier this month was likely something different, but said the department would not expand funding or staffing to combat the growing threat, after investing millions of dollars in it over the past few years.
“We were able to deploy additional resources to detect and prevent cyber threats in 2022 and begin work to detect and respond to cyber attacks from nation-state actors,” he said.
Wisniewski warned that these issues will be very difficult to resolve.
“Nation-state actors, typically engaged in espionage or military activities, will not give up no matter how well you defend them,” he said. “The criminals behind the attacks on health officials and London Drugs are really only after money.”