Calgary

AHS cybersecurity head warns of 'large number of attacks' using health body's name

Cybercriminals looking to target Albertans are increasingly using Alberta Health Service’s name to do so, the organization’s chief information security officer says. 

Professor says cybercriminals often use reputable names, like Alberta Health Services

A red brick building with a sign that reads 'Alberta Health Services.'
Cybercriminals are using Alberta Health Service's name, says the organization's chief information security officer. (David Bajer/CBC)

Cybercriminals looking to target Albertans are increasingly using Alberta Health Service's name to do so, says the organization's top information security officer. 

The attacks — typically in the form of a phishing text or email — started before the pandemic, prompting the health body to issue a warning to Albertans. 

But the number of people impersonating Alberta Health Services has only increased since then, says Robert Martin, chief information security officer at AHS.  

"We're being used as a recognizable name to trick other people. There's a definite increase year over year," he said. 

"We do see a large number of attacks that are going out to individuals that they're trying to pretend that they are Alberta Health Services." 

The goal, Martin says, is often to extort something, usually money. 

"People are targeting health-care organizations because they're trying to take advantage of the pandemic," he said. 

"We do see some people trying to get us to click the link with some vulnerability or some software on them. And in some cases, it's just purely credential stealing. In some cases, it's ransomware."

He says Albertans should be aware that if they're not expecting an email or text from AHS, they shouldn't randomly get one, and the agency will never ask for money. 

Cybercriminals often use reputable names to get people's attention, as many people are bombarded with scams, says Tom Keenan, a University of Calgary professor who studies technology adoption.

"But if it's from something that you care about, Federal Express, Canada Post, Alberta Health Services, you are likely to open it," he said. 

He says the corporate identity theft of AHS is "very serious," especially as medical and diagnostic information of patients could be accessed.  

Attacks on health care 

Grant Thornton, a North American accounting firm, recently released a report analyzing threats to Canadian cybersecurity in 2021-22. 

That report says criminals are more frequently targeting vulnerable organizations such as hospitals, critical infrastructure and other organizations where an attack could have a harmful effect. 

Last year, Newfoundland and Labrador's health-care system was the victim of a cyberattack, believed to be the worst in Canadian history. 

Martin says AHS works to improve its cybersecurity program every year, and is doing increased monitoring of threats as cyberattacks of all kinds climb.