Ca: Humber River Hospital hit by ransomware variant, prompt response prevented encryption and exfiltration
Humber River Hospital in Toronto was hit with a ransomware attack in the early hours of the morning of June 14. Their response was organized, immediate, and reportedly very effective.
The following is a statement prominently displayed on their web site today:
Code Grey- Update
On June 14, 2021, at about 0200 hrs we experienced a zero day ransomware of a new malware variant. Since our systems are constantly updated (most recent patching June 13, 2021) and monitored this was discovered almost immediately and all IT systems were shut down, including our patient health records system. Ransomware usually encrypts files and then once most are encrypted asks for ransom. Since we shut down quickly, encryption is not an issue, although we are dealing with some corrupt files.
The IT department has been working with an external recovery firm who are assisting by being in the facility and online with the recovery planning. We have over 5000 computers (800 of which are servers) each will be restarted manually; the patch (just developed by Symantec) will be added to each computer and then each system recovered as required. We will bring systems back online in a staggered approach over the next 48 hours. It is important to know that no confidential information was released.
We have cancelled a variety of clinics today and signs have been posted around the hospital to this effect. Concierge staff has been redeployed to the doors to help re-direct impacted patients. Surgeries will continue as planned for now and the Emergency Department is still open but on ambulance redirect.
As required, an IMS structure has been established and will continue until the situation is resolved.
As they step through the recovery, they may get a better sense of how many files were corrupted and whether they have backups of those files.
They do not indicate who the threat actors are.