The First Nations Health Authority (FNHA) in British Columbia, Canada has fallen victim to a cyberattack according to a statement released on May 22, 2024. According to sources, the First Nations Health Authority cyberattack may has resulted in a data breach as well.
First Nations Health Authority Cyberattack Details
The FNHA is responsible for planning, management, service delivery and funding of health programs, in partnership with First Nations communities in British Columbia.
The health authority detected an intrusion into its corporate network on May 13th where cybercriminals managed to gain access. FNHA officials were thankfully able to deploy timely countermeasures that prevented the attackers from encrypting the entire network. However, the FNHA believes certain employee information and some limited personal information of others may have been compromised as a result of this cyberattack.
The types of employee or public data that could potentially be affected have not been specified by the FNHA. They have also not clarified if any sensitive health records were accessed, only stating there is no evidence that the attack “impacted any clinical information systems.”
The FNHA has engaged outside cybersecurity experts and notified law enforcement agencies like the Royal Canadian Mounted Police as well as the Office of the Information and Privacy Commissioner of British Columbia about this First Nations Health Authority cyberattack.
No connection has been established between this cyber incident and the series of other prominent cyberattacks that have occurred in British Columbia recently. This includes the allegedly state-sponsored cyberattack that targeted the British Columbia government itself.
The news of the FNHA data breach comes just a day after it was revealed that major Canadian retail chain London Drugs is facing ransom demands of $25 million from the infamous LockBit ransomware group following a cyberattack on their systems.
British Columbia’s Public Safety Minister Mike Farnworth commented that this First Nations Health Authority cyberattack shows a different modus operandi compared to both the provincial government hack and London Drugs incident.
“I can tell you that it is different from what the province faced, and it is also different from what the London Drugs incident was,” B.C. Public Safety Minister Mike Farnworth commented on FNHA attack.
Cybersecurity experts analyzing the London Drugs situation believe the ransomware operators obtained unauthorized access to employee files but did not manage to infiltrate customer data systems, showing the company had appropriate precautions in place.
However, organizations still need to be transparent about the entry points used by cybercriminals so others can strengthen their defenses against similar attacks.
As the First Nations Health Authority continues to investigate the full scope of this cyberattack through forensic analysis, they have confirmed taking steps to notify any individuals whose information may have been impacted.
With cyberattacks increasing at an alarming rate, this incident impacting the FNHA serving Indigenous communities underscores the vulnerabilities even healthcare providers face from sophisticated cyberthreats.
Only further transparency around the attack vectors can help better protect against future cyberattacks and data breaches across various sectors.