Update – Resolved: KHSC investigating possible cyber-security incident

Kingston General Hospital, a KHSC site. Photo by Lucas Mulder.

Update (Thursday, Nov. 5, 2020):

According to Kingston Health Sciences Centre (KHSC), the interruption to online access at the institution’s sites is now resolved.

On Thursday, Nov. 5, 2020, KHSC provided an update on the cyber attack situation that began the day before.

“Kingston Health Sciences Centre (KHSC) has completed an investigation of a potential cyber-security incident,” KHSC said in a statement to Kingstonist. “As of Thursday, our Internet access has been restored and all systems are now back online.”

KHSC credited their teams with “acting swiftly to implement downtime protocols for systems that require external access” during the outage. Patient care now continues as normal, including virtual options, in-person appointments, and access to the online COVID-19 pre-screening tool.

“We take very seriously our obligation to protect personal health information. We can confirm that at no time was any of our patient data at risk,” KHSC said.

“We thank the public, our patients, families and staff for their patience with any delays that were caused as a result of this incident.”

Original article:

Kingston Health Sciences Centre (KHSC) has confirmed that it is currently facing an online access interruption, which a source at the hospital says is related to a possible cyber-security breach. KHSC did not immediately disclose the exact nature of the incident.

“We can confirm that KHSC’s internet access and external-facing systems are temporarily offline,” said KHSC in a public release.

KHSC’s notification, released following media inquiries, did not address whether any confidential information had been breached in the incident, but did say patient care was proceeding normally.

“Our teams have acted swiftly to implement downtime protocols for systems that require external access. Patient care is being delivered as usual. Patients, families and approved visitors can continue to access the hospital as usual, mindful of our visitor and family presence restrictions still in place during the COVID-19 pandemic.”

KHSC says that the online pre-screening tool, which patients complete up to four hours before their scheduled outpatient appointment or day surgery, is also temporarily offline. Visitors to the online screening tool are met with a message that “the form is closed.”

Because of this, screeners at entrances will do in-person screening for all patients today, Wednesday, Nov. 4, 2020, according to KHSC.

“Our IM team is working hard to bring the external links back up. Our internal patient care and business systems continue to function, although some are operating more slowly than usual,” said KHSC Vice-President Mission & Strategy Integration and Support Services Elizabeth Bardon.

“Patient care continues to be delivered largely as usual with a few minor delays in some areas. Virtual care has been temporarily shifted to phone calls or in-person appointments with some rescheduling if and when appropriate,” Bardon continued.

Patients, families and visitors can continue to access the hospital, mindful of visitor and family presence restrictions still in place due to COVID-19.

KHSC says that it will be in a position to provide further insights into the incident on Thursday.

What is happening and how soon can it be fixed?

David Skillicorn, a Professor at Queen’s University’s School of Computing and Adjunct Professor in the Mathematics and Computer Science department of the Royal Military College, spoke with Kingstonist about the issues at KHSC. While he noted that his insights are mostly speculation at this point, he was able to shed some light on what seems to be happening at KHSC, and how that situation differs from other cyber attacks.

“Most organizations would divide their computing resources into the core stuff that runs the business, and the piece that runs the website and the outward-facing things, and separate those two from one another,” he said, noting that a lot of businesses do so because the outward-facing part is basically for marketing, while the internal piece is the part that makes money for a business or organization – how it operates and how it stores information.

“It sounds like that’s what’s going on here; the piece that’s broken is the piece that ordinary people deal with [when] approaching KHSC, but not the piece that does any of the medical stuff or anything like that. It’s the website that’s broken, it’s the pre-screening form that’s broken, and those kinds of things,” he continued.

“Unless they’ve done a really poor job, I would expect that to be a totally different system from the one that runs all the real stuff.”

In terms of a threat to security or patient confidentiality, Skillicorn said there appears to be less of a threat because it is the outward-facing portion of KHSC’s computing that is affected.

“I would be very surprised if there are any issues like that to come out of this,” he said of security breaches and patient confidentiality.

Because that customer-facing piece isn’t critical to the organization, it often doesn’t get as much attention as it should, and therefore becomes a bit of a soft target, Skillicorn explained.

“I mean, at some level, this could be the same as kind of drawing mustaches on movie posters, all the way up to just trouble-making,” he said with a laugh.

“But other than the loss of access to services, the consequences aren’t likely to be very serious.”

Skillicorn went on to explain that the cyber attack KHSC is facing appears to differ greatly from the ransomware attacks happening at hospitals across the US and in parts of Canada.

“That stuff is a great deal more serious, because that is targeting the medical side of the house, and trying to disrupt surgery and medicine and patient records and all of that kind of stuff,” he said.

The ransomware attacking hospitals and health care agencies that American authorities and cyber security experts began warning of in mid-October is most likely Ryuk, which experts have linked to a group called UNC1878, also known as ‘Wizard Spider.’

Skillicorn said that, if KHSC were dealing with that type of ransomware attack, he thinks there would be more signs of panic. He also noted that what is happening at KHSC currently is not the same as the cyber attack experienced at RMC this past summer.

“For RMC in the summer, it was an entirely different story. RMC’s attack was a great deal more on the core systems, not just on their website and such,” he said.

Skillicorn suggested that a solution to the issues could take several days, but noted he was unsure which route KHSC would take to get to that solution.

“Well, normally it’s pretty much straightforward, you just reload all the systems with the original versions of everything, and you’re back in business. The only thing that delays it is usually trying to figure out how it was done, and making sure it can’t just be done again,” he said.

At RMC, they decided not to rebuild anything until they understood everything about what had happened, Skillicorn explained. But for KHSC, it could be done differently.

“Given the situation and the need to get stuff working for patients, they may do two things in parallel – fix the systems and, at the same time, try and figure out what happened,” he said.

Kingstonist has reached out to KHSC for more details on the attack they’re experiencing, how their computing systems are set up, and what steps will be taken next. We will update this article as more information becomes available.
