Another Canadian hospital has been hit by a cyber attack, the second in three months.
Ross Memorial Hospital in the eastern Ontario community of Lindsay, Ont., said in a statement today that, on the evening of Sunday, Feb. 5, it had to declare an IT emergency — called a Code Grey — because of a “suspected cyber incident.”
“The hospital has retained third-party cybersecurity resources to work with our technical experts to investigate the incident according to industry best practices,” the statement said. “Our systems restoration plan is also ongoing, and we are communicating with our local, regional, and provincial partners regarding next steps.”
In the meantime, it is trying to maintain delivery of critical hospital services. But patients with less urgent conditions are encouraged to consider alternate options for care, such as their primary health care provider, pharmacist, after-hours clinic, virtual care, or by calling the Telehealth Ontario line. After-hours clinics can often treat non-urgent and minor illnesses and ailments, such as earaches, sore throats, or provide prescription refills, the statement says.
The hospital is part of the Central East Local Health Integration Network in the Kawartha Lakes district. It serves an area with 100,000 residents. Lindsay is the largest community in the City of Kawartha Lakes.
A local news service, Kawartha411, calls the incident a suspected ransomware attack. People in the hospital’s emergency ward told it hospital staff can’t access the systems needed for treatment, while visitors and patients can’t use the parking machines.
The attack on Ross Memorial follows the December ransomware attack on Toronto’s Hospital for Sick Children. The LockBit gang apologized for that attack, saying its affiliates aren’t allowed to go after hospitals and certain critical infrastructure, and sent the hospital a data decryptor.
Last November, an expert panel on cybersecurity warned the provincial government that some parts of Ontario’s broader public sector — which includes hospitals — struggle to keep their IT systems secure.
Its report noted that the provincial health ministry has established six Regional Security Operation Center (RSOC) pilots for co-ordinated cybersecurity operations.