November 08, 2023
A ransomware attack impacting five hospitals in southwestern Ontario, Canada, has seen hackers gain access to a database containing 5.6 million patient visits, and the social insurance numbers of over 1400 employees.
The attack against IT service provider TransForm, which took place on October 23, resulted in outages in IT systems at Windsor Regional Hospital, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, Bluewater Health and Chatham-Kent Health Alliance, leaving patients facing appointment delays and cancelled surgeries.
Cancer patients expecting radiation treatment at Windsor Regional Hospital reportedly faced the inconvenience and discomfort of being transferred to other hospitals earlier this month, due to disruption caused by the attack.
Local media reported that the breach of TransForm’s infrastructure prompted the shutdown of hospital email systems, Wi-Fi, and patient information systems – forcing staff to resort to using pen and paper.
The ransomware group known as the Daixin Team has claimed responsibility for the attack, which saw the destruction of backups. Although a negotiator working on behalf of the hospitals is said to have been in touch with the criminals behind the attack, it is understood that the extortionists have been told that no ransom will be paid.
It is thought that the attackers were hoping to receive a ransom of approximately $4 million.
The ransomware group has dumped hundreds of gigabytes of data stolen from the hospitals’ internal servers and is threatening to continue to leak more or sell it on underground forums to scammers and fraudsters.
Information published on Daixin Team’s leak site includes records related to patients’ COVID-19 vaccinations (including names and dates), as well as documents related to specific patients’ diagnoses and medication.
A representative of Daixin Team told Databreaches.net that system administrators working for TransForm had made the mistake of using the same passwords “everywhere,” and that this and a lack of segmentation helped them infiltrate across the networks.