'Vulnerable' Canadian hospitals may struggle to fend off cyberattacks

There are concerns that Canadian hospitals are ill-prepared to fend off the type of "ransomware" cyberattack that is wreaking havoc around the world.

At least 150countries have been affected by the so-called WannaCry virus, which has reached an "unprecedented" level, according to Europol's cybercrime unit.

• WannaCry ransomware: What you need to know

• Dozens of countries affected by ransomware cyberattack

The digital worm has infiltrated 16 hospitals in the United Kingdom, leading to ambulance and appointment disruptions. Oshawa's Lakeridge Health one of Canada's largest community hospitals was also targeted by WannaCry, but says it was able to contain and deflect the attack.

But others in the industry have fears that a more damaging attack is possible.

"Everybody's nervous," said Dr. Danielle Martin, a family physician and vice president of Women's College Hospital in Toronto. "It's a terrifying thing to imagine that people's personal health information could be extracted," she added.

Hospitals 'vulnerable' to attacks

Ransomware cyberattacks are designed to hack into a database and encrypt sensitive information, forcing its original owner to pay to have it unencrypted and returned.

While the WannaCry virus is built to scan all areas of the web, hospitals and other public sector agencies such as Germany's national rail service tend to be disproportionately affected, according to Metro Morning technology columnist Jesse Hirsh.

Hirsh likens the virus to an automated worm "crawling across the Internet, looking for holes in computers." It just so happens that hospitals tend to offer up some of easiest access on the web.

"It's not so much that hospitals are being targeted, it's more that hospitals have old technology that's particularly vulnerable," Hirsh explained.

If the attack were successful at a Canadian hospital, Martin says it would temporarily turn the facility into a strictly "bare bones" operation, putting elective surgeries and appointments on hold. The hospital would also be forced to revert to its backup paper-based system until the digital files were recovered or restored from a backup.

A delicate balancing act

While Martin says the transition from hard copy files to a digital system has significantly improved healthcare, she acknowledges the change has opened up hospitals to new challenges as well.

For example, when a hospital keeps electronic health records and makes them available to both patients and family doctors, cyber attackers are given more opportunities to break into the system.

"Each of these things creates a new layer of risk," said Martin.

To protect that data, she says hospitals are focusing on educating staff to help protect those vulnerabilitiesby not opening emails from unknown sources or clicking unexpected links or files.

That last, human line of defence may be particularly needed in organizations that are unlikely tohave access tothe cutting edge technology that some companiesare able to deployin the event of an cyber attack.

"Their primary job is to help people, to heal people, not to keep their technology working," said Hirsh.