Toronto’s Humber River Hospital hit by ransomware

Ransomware background
Source: undefined | Getty Images

One of the country’s biggest and newest hospitals has been hit by ransomware.

Toronto’s 722-bed Humber River Hospital, which serves the northwest sector of the city, said today it’s the latest Canadian organization to be victimized. Opened in 2015, it was said at the time to be North America’s first digital hospital.

In a news release, the hospital noted that about 2 a.m. on Monday it suffered what it called “a zero-day ransomware of a new malware variant.”

According to hospital public affairs director Joe Gorman, the IT network was immediately shut.

“Since our systems are constantly updated (most recent patching June 13) and monitored this was discovered almost immediately and all IT systems were shut down, including our patient health records system,” the hospital said in a statement. “Ransomware usually encrypts files and then once most are encrypted asks for ransom. Since we shut down quickly, encryption is not an issue, although we are dealing with some corrupt files.

“The IT department has been working with an external recovery firm who are assisting by being in the facility and online with the recovery planning. We have over 5,000 computers (800 of which are servers) each will be restarted manually; the patch (just developed by Symantec) will be added to each computer and then each system recovered as required. We will bring systems back online in a staggered approach over the next 48 hours. It is important to know that no confidential information was released.”

The news release also says a number of clinics have been cancelled and concierge staff are assisting impacted patients. Surgeries will continue as planned and emergency department services are still running but on “ambulance redirect.”


Humber River’s iPlan solution

In the interview, Gorman said the attack hasn’t affected the institution’s COVID-19 vaccination site, which is located in an arena several blocks from the hospital. Yesterday the site handled 2,000 patients, and he expects the same number will be vaccinated today.

“There are longer waits than usual to our standards” in the emergency ward, Gorman added. “We have posted outside the hospital that due to unforeseen circumstances the wait could be longer [than normal.]”

No ransomware note has yet been sent by the attackers, Gorman said. He believes the IT department has identified the ransomware variant.

As for the restoration of IT service, Gorman was optimistic. “Hopefully by tonight part of it will be back up and by tomorrow afternoon the rest of it will be up.”



Please enter your comment!
Please enter your name here