Skip to main content

Ransom demand behind B.C. health authority cyberattack, premier reveals


British Columbia’s premier has revealed a cyberattack on a health authority is another ransomware incident, while experts say it appears to be a different group of criminals than those behind two other recent attacks.

The First Nations Health Authority, which provides services and healthcare to Indigenous people across the province, announced a “cyber security incident” on Wednesday but provided little detail.

When David Eby was asked about the incident at an unrelated press conference on Thursday, he told reporters cyberthreats are growing and that “we have seen high-profile retailers like London Drugs be the victim of ransomware, and now the First Nations Health Authority.” 

The data stolen by cybercriminals and now being used to blackmail officials is considerable, with samples already posted on the dark web: the signatures of senior FNHA staff on seven-figure contracts with medical providers, legal agreements with First Nations governments, as well as emails between providers and patients.

Other health authorities affected?

One of those emails involves a staffer in the Northern Health Authority, so CTV News asked the health minister what other health authorities could be compromised. FNHA has only a handful of facilities and patients often get medical care through the five geographic health authorities (Island Health, Vancouver Coastal, Fraser, Interior, and Northern Health).

“There's no evidence that the health authorities have been at all affected by the breach at the First Nations Health Authority,” said Adrian Dix, who seemed unaware of the data package posted to the dark web. “They're taking it extremely seriously, they're bringing in all of the required supports to provide maximum protection to both data and to people.”

How this hack is different

CTV News consulted several cybersecurity experts about this latest hack. One pointed to sloppy coding on the FNHA website’s contact page, while others said it appears a different group of hackers is behind the London Drugs ransomware attack since the information was posted by another group. 

“The blueprint for how these attacks unfold would be very similar to what happened at London Drugs,” explained Sophos Security analyst, Chester Wisniewski. “There's almost a manual to teach these hackers how to do these attacks; start with human resources information, then target finance, then target legal, then go through peoples' inboxes and look for the word ‘password’ or this type of thing.”

Eby emphasized that the attack on provincial systems earlier this month is likely separate, but would not commit to expanding funding or staffing to combat the rising threat, having made millions in investments in the last few years.

“In 2022 we deployed additional resources to be able to detect and prevent cyberthreats, that enabled us to detect and begin the work to address the cyberattack we've faced from a state-level actor,” he said. 

Wisnkiewski warned that those problems are much harder to solve.

“An attacker that is a nation-state is typically carrying out a spy mission or a military mission and they won't give up no matter how hard you defend yourself,” he said. “The criminals behind the attack on the health authority and London Drugs are really just after money.” Top Stories

Stay Connected