Follow ISA Cybersecurity on LinkedIn for the latest cybersecurity news
Weekly CyberTip: The Importance of Internal Audit
Even companies with mature cybersecurity practices need to conduct regular internal audit to verify their security programs. Internal, yet independent, auditors can work with management and IT functions to assess and test security practices to identify systemic security issues, close loopholes, validate effectiveness of controls, and help improve security policies. Make internal audit a part of your cybersecurity strategy.
Canadian engineering firm Black & McDonald hit by ransomware attack
A spokesperson for Canada’s Department of National Defence (DND) has indicated that Canadian engineering giant Black & McDonald (B&M) was hit by a cyber attack on February 10. While B&M have not acknowledged the incident on their website or media channels, Jessica Lamirande, the Senior Communications Officer at the DND confirmed that the government had been notified of the incident. Once informed, all incoming emails from Black & McDonald were blocked “out of an abundance of caution” and that business had been conducted by phone or in person. “Once the contractor restored its email system and informed DCC, email communication resumed, ” Lamirande advised, while emphasizing that there was no current evidence of effects on DND operations or security as a result of the incident.
A report by the Canadian Press quoted two additional B&M customers who were recently notified about the incident. Neal Kelly, spokesman for Ontario Power Generation said: “Black & McDonald notified OPG that they had experienced a ransomware attack which was unrelated to OPG operations and information… OPG conducted an immediate investigation and found there was no impact to our operations. OPG constantly monitors to ensure the highest levels of cybersecurity.” TTC spokesman Stuart Green advised that they too had been notified about the incident the week of February 27, but that “no immediate concerns” had been conveyed.
Black & McDonald, which describes itself as “an integrated, multi-trade service provider that safely delivers high-quality construction, facilities management, and technical solutions to government, institutional and industry clients,” employs over 5,500 employees across Canada and reported over $1.5 billion (Canadian) in sales in 2022.
Barcelona hospital still on manual processes as it recovers from cyber attack
The Hospital Clínic de Barcelona continues a slow recovery from a cyber attack suffered on March 5. On their Spanish language website, the hospital’s March 12 update explained that many automated processes are still be handled manually as internal teams and the Cybersecurity Agency of Catalonia. Lab, emergency facilities, and radiotherapy treatments for cancer patients are still disrupted.
On March 11, the hospital reported that the cyber attackers had demanded a $4.5 million (USD) ransom to release the data and not publish it. The hospital has confirmed that the amount of data extracted was around 4.5 terabytes. Though the nature of the data has not been confirmed, the hospital is adamant that they refuse to pay any ransom. The cyber attackers are believed to be The Ransom House gang. Head of the Catalan Agency of Cybersecurity, Tomas Roy explained that the attack “is not an attack that has come from the Spanish State, it comes from outside Spain”, and that it featured “new attack techniques,” stating that it was “sophisticated” and “complex and transversal” in its approach.
In the first day of the incident, Officials said that 150 non-urgent operations were canceled on Monday alongside up to 3,000 patient checkups, including radiotherapy visits. After five days, hospital personnel were still without Internet access, and only about 15% of the hospital’s systems had been rebuilt. Contingency systems had made it possible to recover 90% of complex surgical activity, 40% of outpatient surgery, and 70% of the external consultations, according the website updates.
U.S. House of Reps among thousands affected by third-party data breach
According to a report in the NPR, members of the House of Representatives and their staff learned on March 8 that their personal data may have been compromised due to a “significant data breach” by DC Health Link, a health insurance marketplace.
On March 10, DC Health Link updated their website and social media channels to elaborate on the incident: 56,415 customers were affected; the “data fields include the following, although not all data fields were necessarily included for each enrollee: name, Social Security number, date of birth, gender, health plan information (e.g., plan name, carrier name, premium amounts, employer contribution, and coverage dates), employer information, enrollee information (e.g., address, email, phone number, race, ethnicity, and citizenship status).”
DC Health Link reported that “[w]hile this remains an ongoing investigation, our services are running normally and we continue to operate in a state of heightened alert.”
Guelph professor foresees potential cyber problems in Canada’s food industry
In a new article in The Financial Post, University of Guelph professor, Dr. Ali Dehghantanha warns that the growing number of cyber attacks on Canada’s food system could lead to disaster. Dr. Ali revealed that “his squad of engineers and computer scientists has responded to dozens of reports of hacks inside farming and food production operations around southwestern Ontario,” receiving over four dozen calls from the food industry in 2022 alone.
Industry report offers cyber guidance for non-profits
of Oakland data
In a new report, the Canadian Centre for Nonprofit Digital Resilience outlines its research on the cyber challenges faced by non-profits – and ways forward to help strengthen cybersecurity.
The report focuses on several challenges faced in the sector, citing cyber awareness and resource constraints among the key issues. The report suggests that most non-profits do not have cyber issues like security and privacy at top of mind, as their focus is usually on their charitable missions. Further, funding restrictions mean that non-profits often don’t have the financial resources for basic cyber programs, adequate personnel or solutions, or even the wherewithal to maintain current systems.
The report outlines several objectives to overcome these challenges, revolving around improved security awareness; standardized/shared resources; improved benchmarking; dedicated campaigns to raising funds for cyber initiatives; and a more robust access to supportive vendors and pooled solutions.