A majority of systems at Toronto’s Hospital of Sick Children that were hit by a ransomware attack last month have been restored, the hospital said Thursday.
In a statement, SickKids said 80 per cent of the systems are accessible again. As a result, the hospital announced it has lifted the Code Grey that was initiated on Dec. 18 when the cybersecurity incident was discovered.
“I am very thankful that we have been able to call the Code Grey All Clear relatively quickly with minimal disruptions to patients and families. Without the extremely hard work of our staff and expertise of external advisors over the holidays, we would not have been able to lift the Code Grey as efficiently as we have,” Dr. Ronald Cohn, the president and CEO of SickKids, said in a statement.
The attack resulted in many of the hospital’s systems being offline, prompting SickKids to open a command centre and consult with third-party experts.
During the Code Grey, a number of patients and families experienced diagnostic and treatment delays due to lab and imaging results not being received on time, SickKids said.
“Clinical teams continue to monitor but have not identified any serious health outcomes related to the service delays,” the hospital said.
It added that while the hospital’s electronic medical record (EMR) was not impacted, systems that integrate with the EMR were temporarily unavailable. In addition, several corporate systems were also hit by the attack, including the hospital’s timekeeping system for staff and intranet.
SickKids said they were notified on Dec. 31 of a statement from the group responsible for the attack offering a free decryptor. LockBit, a ransomware group that has been called by the FBI as one of the world’s most active and destructive, issued an apology that day, saying a “partner” was behind the attack and offered the hospital the decryptor.
The hospital said it has not used the decryptor or made any ransom payments.
“SickKids continues to consult with its third-party experts to determine the most efficient and effective means to restore its impacted systems, including the possible use of the decryptor. There is no evidence to date that personal information or personal health information has been impacted,” SickKids said.
Nimira Dhalwani, the hospital’s chief technology officer, added: “Our cybersecurity measures meet a high standard, and we are confident that the safeguards and processes we have in place enabled us to respond rapidly to mitigate the impacts on hospital operations. We are working with our experts and industry partners to strengthen our collective systems wherever possible.”
– with files from The Canadian Press