Excerpt from CBC Article, Published on Nov 06, 2023
In a concerning development, a recent ransomware attack on five southwestern Ontario hospitals has exposed sensitive patient information and employee data. This breach, which occurred on October 23, has raised alarm bells as hackers have published multiple rounds of stolen data on the dark web. Notably, none of the affected hospitals or their IT and payroll administration organization, TransForm, have given in to the attackers’ ransom demands.
The latest update, released on Monday, provided detailed insights into the extent of the data breach at each hospital. Here is a summary of the affected institutions and the stolen data:
Bluewater Health in Sarnia: The stolen database includes information on 5.6 million patient visits, involving 267,000 unique patients. Notably, it did not include clinical documentation records. Employee and staff social insurance numbers (SINs) and banking information remained secure.
Chatham-Kent Health Alliance: A database containing information on 1,446 employees was taken. This database included names, SINs, addresses, and pay rates, among other personal details. However, professional staff and volunteers were not affected, and no banking information was stolen. The hospital’s electronic health records were not compromised, but some patient information from a shared drive is still under analysis.
Erie Shores HealthCare in Leamington: A limited set of stolen data contains 352 current and past employee SINs. Not all employees were affected, and those impacted will receive direct notifications. No banking information was compromised.
Windsor Regional Hospital: Staff members used a small portion of a shared drive that contained some patients’ names and succinct summaries of their medical conditions. Notably, it did not include patient charts or electronic medical records. While some employee information, like staff schedules, was affected, the hospital believes no SINs or banking information were taken.
Hôtel-Dieu Grace Healthcare in Windsor: The breached shared drive included some patient information that the hospital is still examining. Employee information was stolen, but SINs and banking information remained secure.
All the hospitals have pledged to provide free credit monitoring to their employees and professional staff. Past employees whose data may have been compromised will also receive instructions on how to sign up for credit monitoring.
Despite the severity of the attack, the hospitals have not given in to the ransom demands. They have reported their findings to the Ontario Information and Privacy Commissioner and are actively working to restore their systems.
To address concerns from patients and employees, the hospitals have set up a cybersecurity hotline for inquiries. The hospitals jointly expressed their condemnation of cybercriminal actions and apologized to their communities for the incident.
This latest data breach underscores the growing threat of ransomware attacks in the healthcare sector. It is a stark reminder of the importance of robust cybersecurity measures and the need for continuous vigilance against such threats.
To delve deeper into this topic, please read the full article on CBC.