A week after STM cyberattack, security breach discovered at Jewish General Hospital
MONTREAL -- An investigation is underway after a cyber-security intrusion was discovered at the Jewish General Hospital, which authorities think might be part of a bigger pattern.
"It’s not just in Quebec," Health Minister Christian Dube said at a Thursday afternoon news conference when asked about the breach.
"The attack was probably beyond our borders, and what I understand as well, is perhaps it's not just at the CIUSSS Centre-Ouest -- there might be other centres that are also impacted."
On Thursday evening, Quebec's ministry of health and social services said no other health centre in the province has been impacted yet.
Dube said the government is looking into the issue at the CIUSSS West-Central with help from the RCMP as well as Microsoft.
Appointments at CLSCs overseen by the CIUSSS are suspended for the moment, Dube added, because they've decided to shut down their systems as a precaution.
"The approach we’re taking is to protect the personal data," he said.
An email to employees at the Jewish General Hospital obtained by CTV News said patient and staff information does not appear to have been accessed at this time.
"It is important to note that our information technology systems are currently operating properly and without incident," the email reads.
"Despite this, and as a preventative measure, we are taking additional steps to protect ourselves from any future event."
Internet access has been cut off while the investigation is underway, and employees have been asked to download materials needed to complete some of their work offline over the next 72 hours.
"I realize that this task is likely to be time-consuming," the email continues. "However, this proactive precautionary measure is essential in order to protect the health, safety and personal information of all those who rely on our CIUSSS for health care and social services."
On Wednesday of last week, Montreal's transit authority (STM) announced it was targeted by a cyber-security breach that was found to be a ransomware attack -- which is when hackers hold a site hostage until its owner pays a ransom.
“It’s the equivalent of a kidnapper sending a pinky to a victim,” Brett Callow, threat analyst at Emsisoft, told CTV News earlier this week.
The STM said the attack occurred "despite the various defenses that are in place to deal with this type of event."
More than a week later, the STM's website is still inaccessible, which has severely affected services for people with disabilities.