SickKids hospital has restored 80 per cent of priority IT systems

IT systems at Toronto’s Hospital for Sick Children are closer to being put back into production after last month’s ransomware attack.

The hospital said Thursday that approximately 80 per cent of priority systems, which are those that have a direct impact on hospital operations, have been restored. As a result it has canceled its Code Grey, a designation to staff of major systems problems.

The hospital’s electronic medical record (EMR) system was not impacted by the attack, but other systems that integrate with the EMR, such as dictation services, pharmacy systems, and the ability to view diagnostic imaging results, were temporarily unavailable. Most systems that integrate with the EMR have been restored, the hospital said in a news release.

A number of corporate systems were also temporarily impacted, including the hospital’s internal timekeeping system for staff, and its intranet. Some systems, such as the AboutKidsHealth website, are still being restored. 

“The hospital has determined that patients and families are unlikely to experience any significant impacts to their care,” the statement says, “and most clinical teams are no longer using downtime procedures.”

There is no evidence to date that personal information or personal health information has been impacted, the hospital added.

It stressed that no ransom payment has been made to the LockBit ransomware gang. Thirteen days after the attack, the gang issued an apology for hitting the hospital, saying an affiliate who actually did the hacking violated its rules for which organizations could be targeted and how. The rules say attackers can steal data from hospitals, but are forbidden from encrypting the data.

In addition to the apology, LockBit made a decryptor available to SickKids. The hospital says it hasn’t used that tool yet. “SickKids continues to consult with its third-party experts to determine the most efficient and effective means to restore its impacted systems, including the possible use of the decryptor,” the hospital said.

“Ransomware and other malware attacks are becoming more and more frequent and sophisticated across organizations and industries,” Nimira Dhalwani, the hospital’s chief technology officer, said in the statement. “We know those behind these attacks are always trying to find new ways to get past digital defences. Our cybersecurity measures meet a high standard, and we are confident that the safeguards and processes we have in place enabled us to respond rapidly to mitigate the impacts on hospital operations. We are working with our experts and industry partners to strengthen our collective systems wherever possible.” 

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now