Cyber Incident Victim: Health Sciences North
Date:
Jan 2019
Location:
Canada
Summary
A cyberattack on Health Sciences North disrupted operations across 24 hospitals in northeastern Ontario, prompting a system-wide downtime to contain the infection. The malware, undetected by standard antivirus tools, originated in the cancer program system and impacted electronic medical records, medical imaging, email, and office productivity software. The Canadian healthcare provider confirmed no data breach or corruption occurred despite the widespread technical disruption.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A cyberattack targeting Health Sciences North (HSN) in Sudbury, Ontario, occurred on or around January 17, 2019, disrupting operations across 24 hospital facilities in northeastern Ontario. The attack involved malware that existing antivirus tools failed to detect, prompting HSN CEO Dominic Giroux to order a system-wide downtime as a containment measure. This precaution aimed to prevent further contamination after the malware initially infected the organization's cancer program system. The downtime protocol affected critical infrastructure, including electronic medical records, medical imaging systems, and email and office productivity software. While the cancer program served as the infection's epicenter, the defensive action broadened to encompass all HSN systems to ensure isolation. Giroux publicly confirmed the incident through CBC News, emphasizing the novel nature of the malware that circumvented conventional security measures. No evidence indicated data exfiltration or encryption during the event, with Giroux explicitly stating patient information remained uncompromised. The disruption occurred during active hospital operations, though the article does not specify immediate clinical consequences or patient care interruptions.
The incident's operational impact extended across HSN's entire network of 24 healthcare facilities, forcing reliance on manual or alternative procedures for affected systems. While electronic medical records and imaging systems were inaccessible, the organization maintained essential services through downtime protocols. Giroux's statements clarified that the malware did not corrupt stored data, eliminating concerns about permanent loss of medical records or diagnostic images. The response focused entirely on containment through isolation rather than data recovery or system restoration efforts. No threat actor attribution, ransom demands, or specific malware family identification was disclosed publicly. HSN's transparency regarding the absence of a data breach aimed to reassure patients and stakeholders despite the significant operational disruption. The centralized downtime decision reflected a precautionary approach prioritizing system integrity over partial functionality during the investigation.