Fraud Management & Cybercrime , Healthcare , Industry Specific
Toronto's Hospital for Sick Children says it is evaluating decryptor keys published by hackers responsible for a mid-December ransomware attack that caused delays in patient care.
See Also: End-to-End OT Patch Management
The pediatric teaching hospital says the Dec. 18 incident affected internal clinical and corporate systems as well as some hospital phone lines and webpages. It warned patients about delays in retrieving lab and imaging results and told staff it had activated an emergency recovery plan to ensure salary payments (see: Children's Hospital Expects Weekslong Ransomware Recovery).
In periodic updates including its most recent, published on Sunday, the hospital has repeatedly stated that there is no evidence the attack affected personal data, including health information. The hospital says it did not make a ransomware payment.
Ransomware-as-a-service group LockBit claimed responsibility, stating on its leak website that a now-disowned affiliate initiated the attack. The group "formally" apologized and published on the dark web a file it said would decrypt affected files.
The hospital says it hired "third-party experts to validate and assess the use of the decryptor" and that it already has restored 60% of the affected systems.
LockBit's self-published policy for affiliates says ransomware attacks "where damage to the files could lead to death" at institutions "where surgical procedures on high-tech equipment using computers may be performed" are off-limits. The policy approves the theft without encryption of medical data and "pharmaceutical companies, dental clinics, plastic surgeries, especially those that change sex."
Ransomware attacks on hospitals can have potentially fatal consequences even if they're not directly responsible for a patient death. A September 2021 analysis by the U.S. Cybersecurity and Infrastructure Security Agency says cyberattacks can contribute to increased patient mortality by degrading hospital capacity (see: CommonSpirit's Ransomware Incident Taking Toll on Patients).
LockBit has been active since 2019. Recent victims include the Port of Lisbon, France's Thales Group and German auto parts maker Continental, among others.
Asokan is a consultant editor for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.
Covering topics in risk management, compliance, fraud, and information security.
By submitting this form you agree to our Privacy & GDPR Statement
90 minutes · Premium OnDemand
From heightened risks to increased regulations, senior leaders at all levels are pressured to improve their organizations' risk management capabilities. But no one is showing them how - until now.
Learn the fundamentals of developing a risk management program from the man who wrote the book on the topic: Ron Ross, computer scientist for the National Institute of Standards and Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37 - the bible of risk assessment and management - will share his unique insights on how to:
Sr. Computer Scientist & Information Security Researcher, National Institute of Standards and Technology (NIST)
Was added to your briefcase
Toronto Hospital Gauges Whether to Use LockBit Decryptor
Toronto Hospital Gauges Whether to Use LockBit Decryptor
Need help registering? Contact support
Complete your profile and stay up to date
Create an ISMG account now
Create an ISMG account now
Need help registering? Contact support
Need help registering? Contact support
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.