Whoever attempted to break into the B.C. government’s information systems did not demand a ransom, and the government is confident sensitive data such as health records were not compromised, B.C’s solicitor-general says.
Mike Farnworth, who is also B.C.’s public safety minister, said Thursday his government has no idea who is behind the attack. On Wednesday evening, Premier David Eby had announced that his government had recently identified “sophisticated cybersecurity incidents.”
Mr. Farnworth said other agencies are now investigating the hacking, including police and the Canadian Centre for Cyber Security, an arm of the Communications Security Establishment, the federal cyberspy agency.
“It was a very sophisticated attempt, and we’ve been told by the experts that the money that was spent in 2022 in terms of upgrades to the system, had that not taken place, we would not even know the attempt was happening,” he said.
The minister would not say when the government learned of the attack, but acknowledged that B.C.’s Office of the Chief Information Officer sent a memo last week directing government employees to change their passwords. Mr. Farnworth said passwords are changed routinely, but “when something like this happens, passwords obviously get changed.”
David Shipley, chief executive officer and co-founder of Beauceron Security Inc., a New Brunswick software and training firm with clients around North America, said there have been more minor cyberattacks in every province aimed at agencies such as health authorities, but B.C.’s widespread compromise is new.
For example, in recent weeks, hackers have demanded a ransom from libraries in B.C. in order to keep user information secret. Retailer London Drugs was forced to shut its 79 stores across Western Canada for more than a week after a cyberattack.
London Drugs president Clint Mahlman said in an interview Thursday that the company had no evidence to suggest customer data was compromised, and he had no knowledge if the breach might be connected to the B.C. government incident.
Todd Stone, House Leader for the Opposition BC United Party, connected the password directive to the attack and asked why the government waited eight days to share details with the public.
Mr. Farnworth said in the legislature that before the public could be notified, technical experts working with the Centre for Cyber Security had to protect the system.
“The reason they do that is because if you go out and give information before that’s done, you actually end up compromising people’s information, potentially,” he said.
Government staff were sent an e-mail late Wednesday from Shannon Salter, deputy minister to the Premier and head of the public service, informing them of the incidents and asking them to change their passwords.
Thomas Pasquier, a computer science professor at the University of B.C. and an expert on cyberattacks, said it is too early to say whether state actors were involved. He said attacks against government systems are constant but almost always foiled.
Given this breach has been detected and is being investigated, it is unlikely to spread further, Dr. Pasquier said.
Mr. Shipley said that if the hackers were seeking a ransom, there would likely be a major disruption to services of some kind, so this incident could be more of an attempt at espionage. He said the public still has incredibly unrealistic expectations that government systems of this size can be protected against such attacks without serious investments. He also added that he was disappointed the province hasn’t shared more details.
“It’s a shame because we should be treating these more like air disasters, and what I mean by that is: because those things are so tragic – there’s such a high price to be paid – we need to try and learn every single lesson we can from them so we can all collectively improve,” Mr. Shipley said in a phone interview Thursday.
Mr. Mahlman, meanwhile, said he wouldn’t share “details of any interactions with the threat actors” behind the London Drugs attack. He said he didn’t know why the company was targeted, but hackers were “constantly probing for weaknesses” of online systems and the breach was discovered on April 28.
With reports from The Canadian Press