Some medical appointments are expected to be delayed following a cyberattack that has forced the health board that manages Montreal’s Jewish General Hospital to disconnect its servers from the Internet.
The breach occurred just as U.S. authorities and cybersecurity firms warned this week that criminals are deliberately targeting hospitals with ransomware – malicious computer codes that shut down institutional servers in an attempt to extort a payment.
“It’s not just in Quebec, it might be broader than that, this breach,” Quebec Health Minister Christian Dubé told reporters Thursday.
“The Cyber Centre is aware of a recent ransomware campaign targeting Canadian health organizations,” said Evan Koronewski, a spokesman for the Communications Security Establishment.
The CSE is an intelligence agency that runs a subunit known as the Canadian Centre for Cyber Security. The centre issues public warnings about a variety of hacking threats.
FireEye, the parent company of the well-known American cybersecurity firm Mandiant, says that the attacks against hospitals were launched by an Eastern European hacking group known as UNC1878.
“We’ve seen Canada-based organizations impacted by UNC1878′s ransomware operations,” FireEye spokeswoman Sarah Coutermarsh told the Globe and Mail.
“UNC1878 is one of most brazen, heartless, and disruptive threat actors I’ve observed over my career,” FireEye chief technical officer Charles Carmakal said in a statement
The Montreal breach affected a local health board known by its French name, CIUSS Centre-Ouest. Its main hospital is the Sir Mortimer B. Davis Jewish General Hospital
As a precaution, remote access and Internet connection were shut down and staff were instructed for the next three days to print or save on a memory key any documents they are creating. “I realize that this task is likely to be time-consuming. However, this proactive precautionary measure is essential,” Dr. Rosenberg’s memo said.