Ontario nurses’ governing body hit by ransomware attack

The College of Nurses of Ontario has acknowledged suffering an undefined cyber incident after personal information on some of the province’s nurses was posted online by the Netwalker ransomware gang.

“The College of the Nurses of Ontario (CNO) is in the process of resuming normal operations following a cybersecurity incident,” the regulator said in a statement on its website Thursday. “Upon discovery of the incident on September 8, CNO took immediate steps to contain the incident and engaged a leading cyber-security firm that is assisting with remediation and conducting a comprehensive forensic investigation.”

IT World Canada had no response from the CNO on Sept. 16 when requesting for comment after learning the college was listed as a victim on the Netwalker site. The gang also posted a screenshot of what are apparently file folders — including one called “Human Resources” — from the college.

Netwalker is a group that copies some corporate data before encrypting information on a victim’s systems. It then threatens to shame the victim by releasing sensitive information unless a ransom is paid for the decryption key.

Ontario has 121,488 registered nurses, 59,967 registered practical nurses and 3,864 nurse practitioners. As the governing body, the CNO could have personal information on all nurses including their home addresses, work addresses and phone numbers. It would therefore be extremely sensitive about the possible release of personal information.

The CNO website statement says that until normal operations resume, the open database allowing the public to find a nurse, the nurse renewal portal and the portal for membership applications are closed.

CBC News quoted Vicki McKenna, president of the Ontario Nurses Association (ONA), who represents the registered nurses, as being surprised by the news. “I’m outraged that I didn’t know as a member of the college that this had happened,” said McKenna.

“It’s unforgivable to wait to let people know. I think that’s shameful,” Michael Hurley, the regional vice-president for the Canadian Union of Public Employees (CUPE), who represents registered practical nurses, told CBC. “Most nurses are women, and in Canadian society, there’s a significant problem with violence against women. I’m concerned about who will have access to private information about these nurses, some of whom have restraining orders against their partners, or have partners who have expressed an intent to be violent.”

When IT World Canada began investigating Wednesday, the CNO website and the organization’s phone line said the college’s office was closed due to a technical problem.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now