Newfoundland and Labrador hired $ 200,000 in public relations advice to tackle a cyber-attack on health care networks last fall, and a cybersecurity expert says the deal should result in more transparency. The contract between National Public Relations and the Newfoundland and Labrador Health Information Center was obtained through a request for access to information. He points out that the company, which specializes in crisis communications, has provided the province with “strategic advice for internal and external cyber incident communications”, as well as media monitoring and other communications assistance. The document was signed on October 30, 2021 – the day government officials said they first discovered the attack – and covers the government’s “response phase” to the incident. It is one of the few clues as to how much the cyber-attack may have cost the province and who was hired or consulted to help officials handle the government’s response. Cybersecurity strategist Mark Sangster says he recommends that any public company or organization get some public relations assistance if it comes under cyber-attack – but says we should advise them to be open with the public. “This is the interesting enigma here: the fact that this goes on for a few months at least, and there has been this kind of partial public communication about what has happened, but we do not really hear about his heart,” Sangster said in an interview. of on Thursday. The New Earth and Labrador government has commented on the cyber attack, refusing to say what kind of attack took place and what was its motive or whether ransom was demanded. However, several experts have said that the incident has all the hallmarks of a ransomware attack, in which hackers encrypt or steal data to hold them hostage until ransom is paid. The hackers managed to eliminate much of the province’s health care network, forcing officials to cancel thousands of appointments, including cancer care. Doctors and nurses in some healthcare facilities had to resort to printed records until the systems returned to the internet. Officials have reported several breaches of data resulting from the attack. On March 30, it was revealed that the perpetrators had stolen more than 200,000 files from a network drive, possibly involving the personal data of “thousands” of people.

Lack of detail threatens to erode confidence: Sangster

Health Minister John Haggie declined to say how much the attack in the province cost, although he said on April 7 that Equifax-free credit monitoring for those affected by the incident cost the government about $ 5 million. The contract shows a purchase order issued by the Newfoundland and Labrador Center for Health Information – which maintains the county’s core health databases – to the public relations firm on Dec. 9 for $ 200,004.50. Charges include $ 106,000 for senior consulting fees and $ 30,250 for consulting fees with a management partner. The subject matter of the contract suggests that the National Representatives participated in special business meetings and worked with “top government officials” to plan and respond to the attack. Ethniki did not answer questions sent by email on Thursday morning. Judging by the details, the Newfoundland and Labrador governments are in danger of eroding public confidence, especially among those whose data has been stolen, Sangster said. At some point, I think you owe it to the public and those directly affected to explain what happened.- Mark Sangster
“I believe there is a question of trust and responsibility because you are a tax-paying organization,” said Sangster, who wrote the 2020 book No Safe Harbor: The Inside Truth About Cybercrime – and How To Protect Your Business. “At some point, I think you owe it to the public and to those directly affected to explain what happened.” Other organizations could also learn from the experience of Newfoundland and Labrador, he said, adding, “It’s not a matter of responsibility. It’s an improvement.” In a statement sent by email on Thursday, the Ministry of Health and Community Services said the government could not provide details about the attack. “What we can confirm is that we experienced a cyber attack where an unauthorized third party had access to our systems, took some personal employee information and patient health information and encrypted certain systems in our health information system,” Nancy wrote. Hollett. “We have a good understanding of the nature and extent of the incident and we have taken the necessary steps to enhance the security of our systems.” Hollett said investigations into the incident were ongoing, adding that police, the county privacy commissioner and the Canadian Cybersecurity Center were involved. Read more from CBC Newfoundland and Labrador