Yukon’s information and privacy commissioner: How medical staff can avoid the risks of ransomware

With attacks up 600 per cent over last year, precautions are more important than ever

COMMENTARY

By Diane McLeod-McKay

It appears that the risk of ransomware attacks locking doctors and medical institutions out of their own files has now become a reality for some areas of Canada. Although there are no reports yet of doctors or other healthcare providers being affected by ransomware in Yukon, now is the time to ensure we are ready, if and when the time comes.

An article in the Aug. 30 National Post discusses an increase in ransomware attacks on Canadian doctors’ offices and hospitals.

Ransomware is “malware” or malicious software that installs itself on computers and other electronic devices. It encrypts the entire hard drive, or specific files, and then demands a ransom be paid before the information is decrypted.

The article warned that hackers have been targeting Canadian doctors and hospitals in this way, indicating that a major healthcare organization in Ontario reported that it is “getting physicians on a regular basis saying, ‘I have a computer, I got locked out, I have ransomware.’” The article also reported that there has been an estimated 600 per cent increase in ransomware attacks in the past year.

Once computers or systems are infected with this kind of malware, doctors or medical institutions are ordered to pay a ransom in bitcoin to regain access to their files. The risks posed by these attacks are significant. During a ransomware attack, all files (including patient information) stored on the computer are inaccessible. With this information unavailable to healthcare providers, there are serious risks to patient safety and care. A doctor can be missing key aspects of a patient’s history while diagnosing or dealing with a health issue.

Even if the doctor’s office or institution has a backup system in place, the process to restore these files is not instantaneous and can take several hours or days. And, if the ransom is not paid by the deadline given, hackers will destroy the files, which means the important medical history of patients would be lost. There are additional risks to patient privacy if hackers are able to access patient files during the attack.

There are a number of things that can be done to mitigate the risk of becoming a victim of a ransomware attack.

Computers in a doctor’s office can become infected when someone opens an email attachment or link that contains malware, which is then installed. Ransomware on a networked computer can also spread to other computers connected to the network. Doctors and their staff need to educate themselves about how to recognize suspicious emails, and about phishing or spear-phishing attacks, which lure people into providing information that enables hackers to gain access to their computers and systems.

Doctors’ offices must ensure they have good information security practices and policies that include regular backup of computer files.

It is also important to have a documented breach management process, so valuable time is not lost trying to navigate the steps necessary to address an attack. Yukon’s Health Information Privacy and Management Act (HIPMA) has specific requirements that doctors must meet when a privacy breach occurs. I encourage doctors to familiarize themselves with these requirements and build them into their breach management procedures.

While doctors’ offices are currently being targeted for ransomware attacks, other healthcare providers could be next. I strongly recommend that all healthcare providers examine their information security management procedures and take the steps necessary to address the risks associated with a ransomware attack.

My office recently issued a Ransomware Advisory which provides more detail on how these attacks occur, how to prevent them, and what steps to take to respond to an attack. It is available on our website at www.ombudsman.yk.ca. You can find it in the Yukon Information and Privacy Commissioner section of the website, under the tab entitled “For Custodians.”

This fall, we will be presenting privacy breach management workshops for healthcare information custodians (as set out under HIPMA) that will specifically address these risks.

My office is also available by phone if you have concerns or questions about ransomware or the upcoming workshops, at 867-667-8468, or toll-free in Yukon at 1-800-661-0408, ext 8468.

Diane McLeod-McKay is the Information and Privacy Commissioner of the Yukon.
