sa¹ú¼Ê´«Ã½

Skip to content
Join our Newsletter

Cyberattacks on health authority, province, London Drugs not related: premier’s office

The First Nations Health Authority is the latest high-profile victim of a cybersecurity ransomware attack in the province
web1_vka-londondrugs-10774
A closed London Drugs store in Colwood on April 29. The cyberattack on London Drugs’ electronic files, discovered April 28, resulted in the closure of 79 retail and pharmacy stores until May 7. DARREN STONE, TIMES COLONIST

A state or state-sponsored cybersecurity attack on the government of sa¹ú¼Ê´«Ã½’s network is not related to recent ransomware attacks on the First Nations Health Authority and London Drugs networks, according to the premier’s office.

The province’s network was hacked on April 10, and again on April 29 and May 6. The government blamed a state or state-sponsored actor, and determined it was not a ransomware attack and no sensitive information was compromised.

“The cybersecurity incident the sa¹ú¼Ê´«Ã½ government is addressing is not related to the one faced by London Drugs, nor is it related to the one faced by FNHA,”said a statement from the premier’s office on Wednesday.

The First Nations Health Authority is the latest high-profile victim of a cybersecurity ransomware attack in the province. It said it discovered the breach on May 13 and “immediately deployed countermeasures to block the unauthorized entity’s access and prevent any further unauthorized activity.”

“While the investigation is still at an early stage, FNHA has uncovered evidence that certain employee information and limited personal information of others has been impacted,” FNHA said in a statement on its website, adding it does not believe the incident has affected any clinical information systems it uses.

The stolen information was released on INC Ransom on the dark web Wednesday.

It appears to show sa¹ú¼Ê´«Ã½ Life GroupNet plan billing data, ­procurement contracts as well as business contracts, FNHA budgets, cheques, information on dental services to remote First Nations communities, as well as records and correspondence from the Northern Health Authority.

FNHA employees were notified of the security breach on May 15.

A letter from the CEO on Tuesday indicated that the preliminary investigation suggests sensitive information that was breached included “certain financial information including corporate credit card information and some or all 2023 T4 statement of remuneration paid forms,” which was “accessed and copied by the unauthorized third party.”

All FNHA corporate credit cards were immediately cancelled and employees were instructed on May 15 to change their passwords. As a precaution, the FNHA said all of those employees who received a T4 form in the 2023 tax year will be covered for two years for free credit monitoring and identity-theft protection services.

The FNHA cyberattack comes on the heels of a systems attack on Western sa¹ú¼Ê´«Ã½-based London Drugs retail stores and pharmacies.

The cyberattack on London Drugs’ electronic files, discovered April 28, resulted in the closing of 79 retail and pharmacy stores until May 7. London Drugs said it was orchestrated by a “sophisticated group of global cybercriminals.”

A threat was posted by ransomware syndicate LockBit saying stolen data would be released unless it was paid $25 million by Thursday. The notice was removed from a ransomware website Wednesday.

Shawnigan Lake threat analyst Brett Callow, who works for Emsisoft, an anti-malware and anti-virus software firm, said the significance of the removal is unclear.

“What it’s meant in other cases of removal is that the company either paid or agreed to negotiate,” said Callow, who notes there are thousands of such cyberattacks every year.

LockBit claimed Tuesday that London Drugs had offered to pay an $8-million ransom, without providing any evidence.

Tartanbond senior vice-president Jessica Harcombe Fleming, representing London Drugs, declined to offer any further information. On Tuesday London Drugs said it is “unwilling and unable to pay ransom to these cybercriminals.”

The province said it’s continuing to work with the Canadian Centre for Cyber Security and DART, a cybersecurity training provider, to learn everything it can about the attacks on the province’s network.

The province’s online security network, upgraded at a cost of $50.8 million in 2022, repels about 1.5 billion online security threats a day, according to Shannon Salter, deputy minister to the premier and head of the public service, in an earlier report.

The government spends about $28 million each year on cybersecurity, with 76 employees dedicated to just that task.

sa¹ú¼Ê´«Ã½ Solicitor General Mike Farnworth said previously the attack was deemed sophisticated by cybersecurity experts — the hackers’ attempts to cover their tracks are apparently a hallmark of a state actor or a state-sponsored actor.

Farnworth could not explain why another state would be interested in hacking into the sa¹ú¼Ê´«Ã½ government network.

[email protected]