Over the Christmas season, the municipality of Summerland’s utility website was hacked. No damage was done. The site was quickly restored.
“There was a vulnerability found and patched by the utility system provider,” explained Karen Needham, Summer-land’s director of corporate services.
But other cities and public agencies around the continent have suffered major damage from hacking, particularly from a form known as ransomware. Hackers encrypt documents in a computer system and demand a ransom to free it. Some cities pay. Some don’t, but pay much more to repair their systems.
Baltimore, Maryland, refused to pay a $75,000 ransom demand last year. The city estimated costs to repair damage done to its systems was $18 million.
In 2018, Midland and Wasaga Beach, Ont., paid $76,000 and $34,000 in ransom to get access to their systems back. Midland, at least, had an insurance policy to cover the costs. Summerland has a policy too, although when asked what Summerland would do if hit with a ransomware attack, Needham noted: “There would be many variables involved before a decision would be made.”
Lifelabs, a medical testing company with 15 million clients, mostly in B.C. and Ontario, paid an undisclosed ransom to unlock its computer systems last fall. LifeLabs said the compromised database included health card numbers, names, email addresses, passwords and dates of birth.
Saskatchewan eHealth’s system was hit, but not crippled, by a ransomware attack in December.
In an announcement that the B.C. and Ontario privacy commissioners would investigate the LifeLabs hack, Ontario’s information and privacy commissioner Brian Beamish said: “Cyberattacks are growing criminal phenomena and perpetrators are becoming increasingly sophisticated. Public institutions and health-care organizations are ultimately responsible for ensuring that any personal information in their custody and control is secure and protected at all times.”
So, what are local municipalities and public agencies doing to protect your data?
A lot, as it turns out, but is it enough?
“We have confidence in the security systems we have put in place, but hackers are always coming up with new and creative ways of attack,” said Brian Abrey, infrastructure systems manager with the City of Kelowna. “Every organization is susceptible to an intrusion, despite best efforts, but we are definitely keeping up with best practices on how to maintain security.”
Constant vigilance is required to keep computer systems safe, say the people in charge of local government systems.