The College of Nurses of Ontario (CNO) is still trying to figure out if the personal information of its 300 employees and 195,500 members has been compromised more than ten days following a ransomware attack. CBC News has the details:
“We are aware of a claim on the dark web regarding data theft from CNO,” the nursing regulatory body told CBC News in a statement.
“While we are not able to confirm at this time, through a comprehensive forensic investigation, CNO is seeking to determine whether personal information was compromised as result of the incident that may require notification to individuals. Although CNO was affected by ransomware, the organization is implementing a range of approaches to resume operations safely and securely, including restoring from backups.”
Hackers have posted some of the information they claim to have obtained online, including folders marked “Human Resources” and “Human Rights Matters.” Among the information posted are photos of small claims and Superior Court settlements, which include the full names, addresses and phone numbers of people.
Lovely. This isn’t a trivial attack as clearly someone has information that they shouldn’t have. And it will be interesting to see what The College of Nurses of Ontario does to remedy this situation. You should likely stay tuned for updates.
David Masson, Director of Enterprise Security at Darktrace had this to say:
This latest news follows a number of intensifying ransomware attacks globally – just last week a woman’s death in Germany has been directly linked to a cyber-attack. Threat actors no longer simply lock up data until the ransom is paid; instead they steal it and threaten exposure until they receive payment. This ransomware technique has been a developing trend since the end of 2019 in Canada. When attackers are able to target data, we can assume they have been lying dormant in the infrastructure for some time before they launch a full blown attack.
This is common amongst organizations around the world who struggle to get visibility over their increasingly disparate and dynamic workforces. CNO may now pay a price in loss of trust through not having disclosed to their clients as soon as possible that they suffered a compromise. In situations like this it is best practice to have a disclosure plan and to disclose as soon as possible otherwise it is likely that someone else will make the story public and it won’t be on the company’s terms.
Ransomware is evolving but the key to preventing attacks remains the same. It is clearer than ever before that the status quo is not good enough. Organizations need to ensure they are using the best technologies available to them, like AI, to automatically stop fast-moving attacks in their tracks.