Yukon’s information and privacy commissioner: How medical staff can avoid the risks of ransomware

With attacks up 600 per cent over last year, precautions are more important than ever

COMMENTARY

By Diane McLeod-McKay

It appears that the risk of ransomware attacks locking doctors and medical institutions out of their own files has now become a reality for some areas of Canada. Although there are no reports yet of doctors or other healthcare providers being affected by ransomware in Yukon, now is the time to ensure we are ready, if and when the time comes.

An article in the Aug. 30 National Post discusses an increase in ransomware attacks on Canadian doctors’ offices and hospitals.

Ransomware is “malware” or malicious software that installs itself on computers and other electronic devices. It encrypts the entire hard drive, or specific files, and then demands a ransom be paid before the information is decrypted.

The article warned that hackers have been targeting Canadian doctors and hospitals in this way, indicating that a major healthcare organization in Ontario reported that it is “getting physicians on a regular basis saying, ‘I have a computer, I got locked out, I have ransomware.’” The article also reported that there has been an estimated 600 per cent increase in ransomware attacks in the past year.

Once computers or systems are infected with this kind of malware, doctors or medical institutions are ordered to pay a ransom in bitcoin, to regain access to their files. The risks posed by these attacks are significant. During a ransomware attack, all files (including patient information) stored on the computer are inaccessible. With this information unavailable to healthcare providers, there are serious risks to patient safety and care. A doctor can be missing key aspects of a patient’s history while diagnosing or dealing with a health issue.

Even if the doctor’s office or institution has a backup system in place, the process to restore these files is not instantaneous and can take several hours or days. And, if the ransom is not paid by the deadline given, hackers will destroy the files, which means the important medical history of patients would be lost. There are additional risks to patient privacy, if hackers are able to access patient files during the attack.

There are a number of things that can be done to mitigate the risk of becoming a victim of a ransomware attack.

Computers in a doctor’s office can become infected when someone opens an attachment or link in an email containing malware, which is then installed when opened. Ransomware on a networked computer system can also spread to others connected to the network. Doctors and their staff need to educate themselves about how to recognize suspicious emails, and about phishing or spear-phishing attacks, which lure people into providing information that enables hackers to gain access to their computers and systems.

Doctors’ offices must ensure they have good information security practices and policies that include regular backup of computer files.

It is also important to have a documented breach management process, so valuable time is not lost trying to navigate the steps necessary to address an attack. Yukon’s Health Information Privacy and Management Act (HIPMA) has specific requirements that doctors must meet when a privacy breach occurs. I encourage doctors to familiarize themselves with these requirements and build them into their breach management procedures.

While doctors’ offices are currently being targeted for ransomware attacks, other healthcare providers could be next. I strongly recommend that all healthcare providers examine their information security management procedures and take the steps necessary to address the risks associated with a ransomware attack.

My office recently issued a Ransomware Advisory which provides more detail on how these attacks occur, how to prevent them, and what steps to take to respond to an attack. It is available on our website at www.ombudsman.yk.ca. You can find it in the Yukon Information and Privacy Commissioner section of the website, under the tab entitled “For Custodians.”

This fall, we will be presenting privacy breach management workshops for healthcare information custodians (as set out under HIPMA) that will specifically address these risks.

My office is also available by phone if you have concerns or questions about ransomware or the upcoming workshops, at 867-667-8468, or toll-free in Yukon at 1-800-661-0408, ext 8468.

Diane McLeod-McKay is the Information and Privacy Commissioner of the Yukon.

informationInfoSecYukon government

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

During our recent conversation, John Nicholson showed me snapshots of his time working on the Yukon riverboats 70 years ago. (Michael Gates)
History Hunter: Yukon man relives the riverboat days after seven decades

John Nicholson took summer work on Yukon steamers in the 1950s

A cyclist rides along the Millenium Trail in downtown Whitehorse on a frigid Feb. 9. Whitehorse city council has passed the first two readings of an e-bike bylaw that would designate how e-bike riders can use city trails. (Haley Ritchie/Yukon News)
First two readings passed on Whitehorse e-bike bylaw

Delegate calls on city to consider age restrictions and further regulations

Whitehorse City Hall at its Steele Street entrance. (Stephanie Waddell/Yukon News)
Change of plans approved for city hall

Project would see 1966 city hall demolished

A city map shows the property at 107 Range Road. The zoning is now in place for developers to proceed with plans for a Dairy Queen drive-thru. If plans proceed on schedule the new restaurant is anticipated to open in October. (Cyrstal Schick/Yukon News)
October opening eyed for Dairy Queen

Will depend on everything going according to plan

NDP candidate Annie Blake, left, and Liberal incumbent Pauline Frost. (Submitted photos)
Official recount confirms tie vote in Vuntut Gwitchin riding

Both candidates Pauline Frost and Annie Blake are still standing with 78 votes each

Joel Krahn/joelkran.com Hikers traverse the Chilkoot Trail in September 2015. Alaska side.
The Canadian side of the Chilkoot Trail will open for summer

The Canadian side of the Chilkoot Trail will open for summer Parks… Continue reading

A bulldozer levels piles of garbage at the Whitehorse landfill in January 2012. (Ian Stewart/Yukon News file)
Rural dump closures and tipping fees raise concern from small communities

The government has said the measures are a cost-cutting necessity

Letters to the editor.
Today’s mailbox: Hands of Hope, the quilt of poppies

Toilets are important Ed. note: Hands of Hope is a Whitehorse-based non-profit… Continue reading

Whitehorse City Hall (Yukon News file)
City news, briefly

A look at city council matters for the week of April 12

École Whitehorse Elementary Grade 7 students Yumi Traynor and Oscar Wolosewich participated in the Civix Student Vote in Whitehorse on April 12. (Haley Ritchie/Yukon News)
Yukon Student Vote chooses Yukon Party government; NDP take popular vote

The initiative is organized by national non-profit CIVIX

Yvonne Clarke is the newly elected Yukon Party MLA for Porter Creek Centre. (Submitted/Yukon Party)
Yvonne Clarke elected as first Filipina MLA in the Yukon Legislative Assembly

Clarke beat incumbent Liberal Paolo Gallina in Porter Creek Centre

Emily Tredger at NDP election night headquarters after winning the Whitehorse Centre riding. (Stephanie Waddell/Yukon News)
Emily Tredger takes Whitehorse Centre for NDP

MLA-elect ready to get to work in new role

Chief Medical Officer of Health Dr. Brendan Hanley. (Crystal Schick/Yukon News)
Two new cases of COVID-19 variant identified in territory

“If variants were to get out of control in the Yukon, the impact could be serious.”

Most Read