Ransomware attack on Newfoundland and Labrador healthcare system
What happened
On 30 October 2021, a cyberattack crippled the IT systems underpinning Newfoundland and Labrador's healthcare network, disrupting all four of the province's regional health authorities. Eastern Health, the largest authority serving St. John's, was hardest hit, while Central Health, Western Health and Labrador-Grenfell Health were also seriously affected. With email, diagnostic imaging and lab systems offline, staff reverted to pen and paper, and thousands of appointments and procedures were cancelled or delayed, including chemotherapy, radiation, blood work, diagnostic imaging and routine screenings. A forensic investigation later found the earliest attacker activity dated to 15 October 2021, when intruders used the compromised credentials of a legitimate account to connect via VPN; data was exfiltrated between 26 and 29 October before ransomware was deployed on 30 October.
Officials confirmed it was a cyberattack on 3 November 2021. Patient and employee data was stolen from three of the four health authorities. The breach grew to affect more than 58,000 people, over 10 percent of the province's population, including patient registration and medical information dating back years; Social Insurance Numbers of fewer than 20 individuals and financial details of fewer than five were also taken. The provincial government attributed the attack to the Hive ransomware group only in March 2023, after the US Department of Justice dismantled Hive. Officials declined to say whether a ransom was paid.
Assessment
Independent experts, including Beauceron Security CEO David Shipley, described the incident as possibly the worst cyberattack in Canadian history, citing the unprecedented scale of a healthcare-network takedown. The evidence points to financially motivated cybercrime rather than a state-directed operation; the Hive attribution, made public by provincial officials in 2023, reflects a criminal ransomware-as-a-service group rather than a confirmed state actor. Any wider geopolitical link remains unknown. The case underscores the vulnerability of underfunded healthcare IT and the patient-safety consequences of disrupting clinical systems.
This dossier summarises open-source reporting and is updated as the investigation develops. Read the original report via the source link.