Cyberattack against child welfare agency under investigation

The Southern First Nations Network of Care says it was victim of a cyberattack in the early hours of Nov. 21 which has potential impacts on eight Child and Family Services agencies in Manitoba.

The major breach of the agency's information and technology system that forced a complete system shutdown is being treated as a criminal investigation, a spokesperson for the agency announced during a press conference in Winnipeg on Sunday afternoon.

Southern First Nations Network of Care spokesperson Jim Compton said the organization is working to determine the scope and origin of the attack and what personal information could have been accessed.Thousands of foster children, their families and foster parents may have had their data hacked.

"There is all kinds of information on there that could be compromised," he said. "At this point, we really don't know what. But what we do know is that the system is not working, and we have to come up with a contingency plan."

The network oversees 10 CFS agencies, which care for children from more than 30 First Nations representing about 15,000 community membersin southern Manitoba.

Compton said eight of those agencies were affected:

• Animikii Ozoson Child & Family Services.
• Anishinaabe Child andFamily Services.
• Dakota Ojibway Child andFamily Services.
• Intertribal Child andFamily Services.
• Peguis Child andFamily Services.
• Sagkeeng Child andFamily Services
• Southeast Child andFamily Services.
• West Region Child andFamily Services.

Two others Child andFamily All Nations Co-ordinated Response NetworkandSandy Bay Child andFamily Services were not affected because they use a different system, he said.

Compton said the system held information on children in care and their families, including case files and payment information for foster families.

"We thought we had a good system in place. That's why we had eight of our agencies on there," he said. "We thought we had the system protected, and it was breached."

Compton suggested someone illegally entered the agency'ssystem and infected it with ransomware. He said he doesn'tknow where the attack came fromor who was behind it.

Virus breach

An IT manager of one of the unaffected Southern agencies who was brought in to assist confirmed it was a virus breach.

"They identified the issue, they isolated the issue, they tried to cleanse it the best they could, and they tried to restore from backup," said Justin Richard, the IT manager of Sandy Bay Child and Family Services. "Once they realized that restoration was going to be an issue, we escalated the problem."

Richard saidservers on site were unable to remedy the issue. He said they believe a virusintroduced into system created the problems, and while the data is still intact, they are having trouble accessing it.

Generally speaking, if data is compromised, there will typically be a largespike in information leavingthe network but that was not the case here, he explained.

Margaret Swan, the Southern First Nations Network of Care board chair, said she wanted to to limit what information about the breach is made available to the public given the nature of the investigation. Swan would not comment on whether the attackers demanded ransom, or if anything was provided.

"I just want to ensure that we limit what we put out here publicly," Swan told media. "It's very serious."

The acting CEO of Southern First Nations Network of Care said during the press conference that all agencies have implemented their contingency plans and are working withteams to limitdisruption.

"Quite simply, we do not have access to any sort of computers,"Clemene Hornbrooksaid.

Hornbrook said they held an meeting with the province to request emergency assistance. As an authority, she said they currentlyreceive$713,000annually for IT services.

All chiefsof the Southern Chiefs Organization have been briefed on the breach.

A spokesperson for Manitoba's Advocate for Children and Youth said the advocate's office was informed of the breach early Saturday by the provincial department of families and the Southern Authority.

"This is a very serious matter and we are extremely concerned," the spokesperson said in an emailed statement. "Our office is monitoring the situation, particularly how the confidential information of children and families is being protected, as well as the ability of the CFS system to provide ongoing service to Manitoba families."

In a news release Sunday afternoon, Manitoba Families said it was advised of the breach late Friday, and immediately took steps to ensure provincial systems and information remained safe.

The province is offering technical support and other resources to assist the Southern Network, and hasbeen working collaboratively with other child welfare authorities to support service delivery in the southern agencies and across the province, the release said.

Staff from the Child and Family All Nations Co-ordinated Response Network will be available to provide necessary information to child welfare partners by phone or fax, including outside of business hours. The province is also limiting remote access to its computer systems to ensure security as this issue is resolved, the release said.

The province said the Canadian Centre for Cyber Security is investigating.

Compton said the Southern Authorityhas contactedthe RCMPabout the attack, and hasalso hired an independent company to determine what happened. RCMP confirmed itsIntegrated Technological Crime Unit (ITCU) is investigating. Police have not provided further details.

The Southern Authority held a press conference Sunday afternoon to release further details on what he called "a sophisticated attack" that infected their system with ransomware, rendering it unusable. Because the system is down, Compton said, they will have to access information for about 5,000 children in its care manually.

Compton said it is not known yet how many people are affected, but said personal information of children, families and foster families could be compromised.

Cyberattack against child welfare agency

5 years ago

Duration 2:42

The Southern First Nations Network of Care says it was victim of a cyberattack in the early hours of Nov. 21 which has potential impacts on eight Child and Family Services agencies in Manitoba.