Metro Vancouverites looking to get prescriptions filled at London Drugs may face difficulties following a cybersecurity attack that forced the closure of all of the company's stores in Western Canada.
The Canadian retailer discovered it was the "victim of a cybersecurity incident" on Sunday, April 28 and temporarily closed all its locations and "undertook countermeasures to protect its network and data, including retaining leading third-party cybersecurity experts," the company told V.I.A. in an emailed statement.
London Drugs is conducting a forensic investigation but does not believe customer or employee data was impacted.
Gregory Walters went to the London Drugs Woodwards at 150 Abbott St. to get his prescription filled on Sunday.
"There was a handwritten sign on the door and I thought the doors weren't working because they are automatic," he told V.I.A. "Security guards were standing inside and one of them asked me what I needed."
A pharmacist stepped outside the store and asked for Walters' name and phone number, telling him they'd contact him when his prescription was ready.
"He was super polite and understanding," he noted.
Walters said many people standing around the store weren't very receptive to the closure and many verbalized their frustration.
"It was a hostile environment because people kept coming," he said.
Walters hasn't heard back in 24 hours but said that wasn't "terribly unusual."
While the stores are closed, London Drugs said pharmacists will support customers with urgent pharmacy needs.
On Monday morning, customers were told to call their local store's pharmacy to make arrangements. However, the phone lines were taken down on Monday afternoon as part of an internal investigation.
Customers should visit their local stores in person for support until the phones are in service.
Should people be concerned about their data in the London Drugs cyberattack?
Jamie Hari, the director of cybersecurity and DNS at the Canadian Internet Registration Authority, says it is too soon to know whether the breach impacted customer's data.
"Health care is one of the more sensitive types of information to be breached," he told V.I.A.
Customers shouldn't be worried that their health records could be used as blackmail but hackers have a financial incentive to access them.
"London Drugs is an organization that is known to protect customer data," he explained. "Hackers could ask for ransom money for London Drugs to maintain its image."
Hari says hackers will use "anything and everything" that a company sees as valuable to get money.
"They might turn their switches off [and London Drugs] can lose revenue of a million per day," he noted.
Hackers could also threaten to release other sensitive data.
"Even just being able to look at data is worrisome," Hari said.
Why did hackers target London Drugs?
Nowadays, many cyberattacks aren't targeted. Instead, cybercriminals target as many institutions and companies as possible to increase their odds.
"With [artificial intelligence], attackers have the ability to cast a wider and deeper net," he explained. "They are using automated tools."
However, some organizations have more valuable and sensitive data, including ones involved in health care, banking and transportation. Cyberattacks may target companies that have people's personal health or financial data — the "crown jewels" for online attackers.
Hari says it could be an overreaction to buy credit protection services over the London Drugs incident but people should be wary of providing health data online.
"Private institutions have different motivations for medical records and financial information. Stay aware and don't stick your head in the sand," he said.
London Drugs may also take a nod from MGM Resorts International — the target of a massive cyberattack in September 2023 — and provide customers with a free service to monitor their data.
How long could London Drugs stay closed?
Hari said the company will likely grapple with the ramifications caused by the cyberattack for a while.
"It could be months or even years," he noted. "The Toronto Public Library is still dealing with [effects from a cyberattack] in February. Physical books off the shelf had to be re-scanned in.
"Digital systems may get up but [there are other] ramifications."
London Drugs told V.I.A. it will update the public as the investigation continues.