Toronto

'Vulnerable' Canadian hospitals may struggle to fend off cyberattacks

The ageing technology at Canadian hospitals has made them vulnerable to the type of cyber attack that recently debilitated hospitals in the United Kingdom.

150 countries have been struck by the 'WannaCry' virus, including 16 hospitals in the UK

The 'WannaCry' cyber attack encrypts sensitive data in an attempt to make its owner pay to have it released. (Mal Langsdon/Reuters)

There are concerns that Canadian hospitals are ill-prepared to fend off the type of "ransomware" cyberattack that is wreaking havoc around the world.

At least 150 countries have been affected by the so-called WannaCry virus, which has reached an "unprecedented" level, according to Europol's cybercrime unit.

The digital worm has infiltrated 16 hospitals in the United Kingdom, leading to ambulance and appointment disruptions. Oshawa's Lakeridge Health — one of Canada's largest community hospitals — was also targeted by WannaCry, but says it was able to contain and deflect the attack.

But others in the industry have fears that a more damaging attack is possible.

"Everybody's nervous," said Dr. Danielle Martin, a family physician and vice president of Women's College Hospital in Toronto. "It's a terrifying thing to imagine that people's personal health information could be extracted," she added.

Hospitals 'vulnerable' to attacks

Ransomware cyberattacks are designed to hack into a database and encrypt sensitive information, forcing its original owner to pay to have it unencrypted and returned.

While the WannaCry virus is built to scan all areas of the web, hospitals and other public sector agencies — such as Germany's national rail service — tend to be disproportionately affected, according to Metro Morning technology columnist Jesse Hirsh.

A spokesperson for Oshawa hospital Lakeridge Health said the facility's system was able to deflect the cyberattack. (Google Earth)

Hirsh likens the virus to an automated worm "crawling across the Internet, looking for holes in computers." It just so happens that hospitals tend to offer up some of the easiest access on the web.

"It's not so much that hospitals are being targeted, it's more that hospitals have old technology that's particularly vulnerable," Hirsh explained.

If the attack were successful at a Canadian hospital, Martin says it would temporarily turn the facility into a strictly "bare bones" operation, putting elective surgeries and appointments on hold. The hospital would also be forced to revert to its backup paper-based system until the digital files were recovered or restored from a backup.

A delicate balancing act

While Martin says the transition from hard copy files to a digital system has significantly improved healthcare, she acknowledges the change has opened up hospitals to new challenges as well.

For example, when a hospital keeps electronic health records and makes them available to both patients and family doctors, cyber attackers are given more opportunities to break into the system.

"Each of these things creates a new layer of risk," said Martin.

To protect that data, she says hospitals are focusing on educating staff to help guard against those vulnerabilities by not opening emails from unknown sources or clicking unexpected links or files.

That last, human line of defence may be particularly needed in organizations that are unlikely to have access to the cutting-edge technology that some companies are able to deploy in the event of a cyber attack.

"Their primary job is to help people, to heal people, not to keep their technology working," said Hirsh.

ABOUT THE AUTHOR

Nick Boisvert is a multimedia journalist at the CBC's Parliamentary Bureau in Ottawa. He previously covered municipal politics for CBC News in Toronto.