'Slight delays' for some services caused by eHealth hack, says Sask. Health Authority

Residents trying to access services from the Saskatchewan Health Authority may experience a "slight delay" as a result of a ransomware attack that hit eHealthSaskatchewan lastweekend.

The attack, which is said to have started on Sunday, resulted in some eHealth information being encryptedbut officials with eHealth said patient data is still secure.

On Tuesday, the Saskatchewan Health Authority acknowledged in a statement it has been working closely with eHealth to ensure steps are taken "to mitigate the impact to the SHA, our patients, and other health system partners" as a result of the hack.

"Currently, there are no major impacts on patient care, although some patients may notice a slight delay in some services," the statement said.

The SHA was unable to provide further information on what services are being affected and the extent of the delays.

A statement from Julianne Jack, executive director of communications for Central Services with the Government of Saskatchewan, said the attack on eHealth has not affected the province's information technologyenvironment.

"While eHealth investigates the issue and repairs and restores any impacted servers, any links to eHealth applications or between Saskatchewan.ca and eHealth have been suspended," she said.

"IT security is always on alertand work is always ongoing to protect government information, data and systems from the ever-changing threat landscape."

'They're prevalent because they work'

Ransomware attacks are becoming more common across the board said Alec Couros, a professor of information and communication technologies at the University of Regina.

He said these types of attacks can be undertaken by large criminal organizations or an individual using a script they found online.

"They're prevalent because they work and they do provide instant money into criminal coffers," he said, noting ransomware attacks have increased two to three-fold even in the last year.

Officials at eHealth have said that they won't be negotiating with the hackers in order to get access to the files but Couros saidwhether or not that's the right call depends on the data.

"If it's really sensitive and important information and they can't retrieve the data, I think that's a bit foolhardy," he said. "But if they're able to get the information back with less of a cost or a similar cost, I think that would be finebut that's just not always the case."

He said the effects of these types of breaches can vary widely from a minor inconvenience to the halting of an entire government system.

David Gerhard, a computer science professor at the University of Regina, said organizations are pummeled with these types of attacks on a daily basisbut for the most part, systems are prepared to counter the attacks.

However, one click is all it takes to compromise a system.

"Humans are always the weakest link in any security chain and the best way to protect against this kind of stuff is education," he said. "Make sure your employees and the people who use your computer systems are aware of all of the new techniques that spammers use to try to get you to click on these bad links."

He said people should keep an eye out for emails that appear to come from their bossbut don't reflect how they usually talk or write. A simple phone call to verify the email can close a door for a hacker.

"Most of the time, people don't fall for itbut it only takes one person to click one bad link for an entire institution to be infected," he said.

eHealth staff were examining its servers that may have been hacked and officials say eHealth staff, alongside staff from Microsoft and Cisco Systems, are working to assess the situation.