Information security in this province is in a poor state and at risk of similar cyber attacks like the ransomware that’s been
“I would suspect that if a large British hospital is vulnerable, then a Nova Scotian hospital is,” says Catherine Tully, the province’s information and privacy commissioner.
Britain’s National Health Service became the highest-profile target last week of the WannaCry ransomware attacks. Using tools stolen from the US National Security Agency, hackers encrypted data on some 200,000 computers in more than 150 countries. The files would only be released to the individual, company or government
“Business operations grind to a halt until the system is restored or replaced,” reads a 2016 report about the growing cyber-threat, written by the Washington, DC-based Institute of Critical Infrastructure Technology.
“Moreover, unlike traditional malware actors, ransomware criminals can achieve some profit from targeting any system: mobile devices, personal computers, industrial control systems, refrigerators, portable hard drives, et cetera. The majority of these devices are not secured in the slightest against a ransomware threat.”
Which is to say that protecting privacy these days requires one to be an IT expert. Admittedly, Tully is not. But in her role as commissioner, she does keep watch over the safe security of personal information gathered and stored by government agencies.
Nova Scotia’s Freedom of Information and Protection of Privacy Act requires “reasonable security arrangements” against the
“We’re not limited to people snooping or throwing the wrong thing out in the garbage,” says Tully, about her office. “Nowadays, the biggest threats are the threats where they can grab huge amounts of data.”
One of the most enticing targets is hospitals. The ICIT report states health care system are “brutally and relentlessly targeted” with ransomware attacks “intent on leveraging patient lives against the
It’s unknown if Nova Scotia was impacted by the WannaCry attacks. Internal Services spokesperson Brian Taylor says his department doesn’t comment on cyber events for security reasons.
While it’s possible, Tully doesn’t think a Nova Scotian hospital is the easiest target. She says the healthcare field has the strongest privacy protection systems in the province.
“It’s the smaller
“That’s the thing with ransomware,” says Tully. “As long as they’ve done their backups, they don’t have to pay the ransom.”
Internal Services wouldn’t comment on how often government departments are expected to back-up their data.
“The province routinely gathers information from a variety of sources to stay current on the latest developments in the cyber environment,” writes Taylor in an email to The Coast. “On the technology side, there are ongoing, continual reviews and updates of systems, computers and networks to keep pace with new developments in the field.”