Cybersecurity expert says N.L. health care cyberattack is worst in Canadian history

One cybersecurity expert says the cyberattack on the Newfoundland and Labrador health-care system may be the worst in Canadian history, and has implications for national security.

David Shipley, the CEO of a cybersecurity firm in Fredericton, said he's seen similar breaches before, but usually on a smaller scale.

"We've never seen a health network takedown this large, ever," Shipley said in an interview with CBC News. "The severity of this is what really sets it apart."

First discovered on Saturday morning, the cyberattack has delayed thousands of appointments and procedures this week, including almost all non-emergency appointments in the Eastern Health region.

After refusing to confirm the cause of the disruption for days, Health Minister John Haggie said Wednesday that the system has been victim to a cyberattack.

Sources have told CBC News that the security breach is a ransomware attack, a type of cybercrime where hackers gain control of a system and only hand over the reins once a ransom has been paid.

Shipley said more than 400 hospitals in Canada and the United States have been subject to ransomware attacks since the beginning of the pandemic. He said hackers target hospitals and health-care systems because of the urgent, tangible impact on everyday people.

"It has real impacts on human life and safety, and this is the worst of the worst."

Shipley said he normally argues against giving in to ransom demands, but the provincial government may have to pay up in this instance since lives are at stake. The government has not confirmed if there has been a ransom demand.

Shipley called on the federal government to provide the necessary resources to deal with the attack.

"Newfoundlanders and Labradorians should know that we are there for them as a country and we aren't just going to sit here and let people take punches at our hospitals anymore," he said. We should be hearing from our prime minister that we're going to come after the groups behind this."

Speaking with reporters on Wednesday, Haggie wouldn't say how the federal government is helping the province.

However, in an email, the Communications Security Establishment, the federal government's IT security agency, said it's in communication with N.L. provincial officials.

"We are actively engaged with government and non-government partners, sharing cyber security advice and guidance, mitigation, and operational updates," said the statement.