The ransomware attack that hit Newfoundland and Labrador’s health-care IT systems in 2021 was “almost an inevitability” and likely resulted in the theft of personal data from the “vast majority” of the province’s population, says a report released Wednesday.
Health officials also broke provincial privacy laws by not disclosing key information within a reasonable time frame about the nature of the attack and whether information had been stolen, concludes the 115-page report from the office of the province’s information and privacy commissioner.
“We understand that sometimes mistakes happen and accidents happen … in our estimation, that is not what happened here,” Sean Murray,  the report’s author, told reporters. “It was pretty clear that we did not have in this province appropriate cybersecurity measures in place in our health-care system prior to the cyberattack. And that was the major contributor to the cause of the cyberattack.”…