Hacked hospitals sending 326K letters to patients in Windsor, elsewhere | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Article content

Hundreds of thousands of patients, including many in Windsor-Essex, whose personal information was posted to the dark web following a cyberattack last fall will soon receive letters from impacted hospitals.

CEOs from all five Ontario hospitals devastated by the October attack announced at a joint news conference Wednesday that letters to more than 326,000 patients start going out next week.

Advertisement 2

Article content

Article content

“One patient is clearly too many,” said Windsor Regional Hospital CEO David Musyj.

He called criminal cyberattacks “disgusting acts, particularly when aimed at vulnerable populations, including those who come to our hospitals for care and the hard-working and dedicated front-line staff who care for them.”

Patient information was stolen from nearly 28,000 Windsor Regional patients, Musyj said. That information included names and possibly diagnoses, but not patient medical records, social insurance numbers, or banking information.

From Erie Shores HealthCare, CEO Kristin Kennedy said information from roughly 102,000 patients was taken, including names, addresses, and health card numbers.

Hotel-Dieu Grace Healthcare CEO Bill Marra said roughly 46,000 patients from the west Windsor hospital were impacted. Stolen data include names, dates of birth, diagnoses, treatment information and health card numbers.

“Please know that your privacy and your security are of the utmost importance to us, and we deeply regret any distress or inconvenience this incident may have caused,” Marra said.

Advertisement 3

Article content

Information for 82,000 patients at Bluewater Health in Sarnia was compromised, as was data for 69,000 patients at Chatham-Kent Health Alliance.

In addition to stealing sensitive information from hundreds of thousands of patients and staff, the hackers also shut down service systems at all five hospitals.

This week, the CEOs reported that most systems were back online, and that the patient experience was mostly back to normal.

The letters sent to impacted patients will state what information was breached and who to contact at each hospital for more information. Individuals who received care at more than one of the affected hospitals will receive multiple letters.

The hospitals’ approach to notifying individuals is being done in communication with Ontario’s Information and Privacy Commissioner.

In October, a group of hackers known as Daixin Team posted the information on the dark web and later claimed to have sold it.

TransForm Shared Service Organization provides taxpayer-funded IT, supply chain, and accounts payable services for all five hospitals. TransForm and the five hospitals face a proposed $480-million class action lawsuit launched by a Bluewater patient.

Advertisement 4

Article content

Recommended from Editorial

TransForm, which ran on a publicly funded budget of $25 million last fiscal year — and which spent $749 million in taxpayer dollars on supplies and more for the hospitals — has avoided or refused public comment on a range of issues since the ransomware was discovered.

While the hospital CEOs did not comment on TransForm’s lack of transparency during Wednesday’s joint media conference, Kennedy said the hospitals remain committed to a shared-service organization.

“We are TransForm. The hospitals are TransForm,” Kennedy said.

“We continue to support the work that they have done to … restoration as well as recovery in the past several months, and we continue to look at best practices to enhance digital services across the region.”

In roughly two months, Leamington’s Erie Shores HealthCare will open a new MRI mobile unit and prioritize patients currently on a regional MRI waitlist, Kennedy said. The cyberattack created a regional backlog of patients waiting for less-urgent diagnostic imaging.

[email protected]

Article content


Click Here For The Original Story From This Source.


National Cyber Security