ST. JOHN’S, N.L. –
A new report says the cyberattack that temporarily knocked down Newfoundland and Labrador’s health-care IT systems in October 2021 was foreseeable and almost inevitable.
The 115-page report from the office of the province’s privacy commissioner concludes hackers likely stole information from the vast majority of the population.
It says the provincial government broke privacy laws by not disclosing key details quickly enough, including the nature of the attack or whether the hackers had stolen personal information.
The report also says the hackers triggered alerts within the computer systems before they deployed their attack, which were not properly investigated.
Sean Murray, who is with the privacy office and who authored the report, says a proper investigation of these alerts may have prevented or curbed the extent of the attack.
The province was hit by widespread IT outages beginning Oct. 30, 2021, involving ransomware — a type of software intended to extort money from victims.
The government disclosed in March that the attack was carried out by the Hive group — an organization that targeted more than 1,500 victims in more than 80 countries and that was dismantled by the FBI in January.
This report by The Canadian Press was first published May 24, 2023.