Ransomware attack in Nova Scotia would be a “catastrophe” | City | Halifax, Nova Scotia | THE COAST

Ransomware attack in Nova Scotia would be a “catastrophe”

Information and privacy commissioner warns municipalities, universities and provincial agencies should be regularly backing up their data.

An illustration of how computers work.

Information security in this province is in a poor state and at risk of cyber attacks like the ransomware that’s been paralyzing computer systems around the world.

“I would suspect that if a large British hospital is vulnerable, then a Nova Scotian hospital is,” says Catherine Tully, the province’s information and privacy commissioner.

Britain’s National Health Service became the highest-profile target last week of the WannaCry ransomware attacks. Using tools stolen from the US National Security Agency, hackers encrypted data on some 200,000 computers in more than 150 countries. The files would only be released to the individual, company or government organization if a ransom was paid—hence, ransomware.

“Business operations grind to a halt until the system is restored or replaced,” reads a 2016 report about the growing cyber-threat, written by the Washington, DC-based Institute of Critical Infrastructure Technology.

“Moreover, unlike traditional malware actors, ransomware criminals can achieve some profit from targeting any system: mobile devices, personal computers, industrial control systems, refrigerators, portable hard drives, et cetera. The majority of these devices are not secured in the slightest against a ransomware threat.”

Which is to say that protecting privacy these days requires one to be an IT expert. Admittedly, Tully is not. But in her role as commissioner, she does keep watch over the security of personal information gathered and stored by government agencies.

Nova Scotia’s Freedom of Information and Protection of Privacy Act requires “reasonable security arrangements” against the unauthorized collection, use and disclosure of private information. It’s a broad definition that increasingly means being prepared for cyber attacks.

“We’re not limited to people snooping or throwing the wrong thing out in the garbage,” says Tully, about her office. “Nowadays, the biggest threats are the threats where they can grab huge amounts of data.”

One of the most enticing targets is hospitals. The ICIT report states health care systems are “brutally and relentlessly targeted” with ransomware attacks “intent on leveraging patient lives against the organization’s chequebook.”

It’s unknown if Nova Scotia was impacted by the WannaCry attacks. Internal Services spokesperson Brian Taylor says his department doesn’t comment on cyber events for security reasons.

While it’s possible, Tully doesn’t think a Nova Scotian hospital is the easiest target. She says the healthcare field has the strongest privacy protection systems in the province.

“It’s the smaller organizations we interact with the most who I think are just now coming to understand the extent of their privacy and protection plans,” Tully warns.

Organizations like municipalities, agencies, commissions, libraries and even universities are all at varying levels of risk. All of them, Tully advises, should be regularly backing up their data so if users are locked out it doesn’t impact operations. The system can just be dumped and rebooted with the backup.

“That’s the thing with ransomware,” says Tully. “As long as they’ve done their backups, they don’t have to pay the ransom.”

Internal Services wouldn’t comment on how often government departments are expected to back up their data.

“The province routinely gathers information from a variety of sources to stay current on the latest developments in the cyber environment,” writes Taylor in an email to The Coast. “On the technology side, there are ongoing, continual reviews and updates of systems, computers and networks to keep pace with new developments in the field.”
