(844) 627-8267
(844) 627-8267

Hospitals hit by ransomware attack break down impact on operations, patients | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware


Five Southwestern Ontario hospitals were hit by a ransomware attack on Oct. 23, 2023. (CBC/Erie Shores Healthcare Facebook – image credit)

For the first time, top leadership from the five hospitals in southwestern Ontario hit by a ransomware attack answered questions from the media — acknowledging the significant impact the incident has had on care, as well as the large amount of data that has been stolen.

During the roughly 50-minute meeting on Friday, each hospital CEO said their facility has been hard hit by the Oct. 23 attack, but that recovery is ongoing and they’re getting by with the hard work of staff. With systems down and hospitals unable to access critical information, thousands of patient appointments have been cancelled across the five hospitals, creating backlogs of varying lengths at some of the facilities.

Some of the institutions also said that they have started reaching out to the thousands of patients and staff whose information has been leaked onto the dark web. The hospitals are providing those impacted with a free credit monitoring service.

The hospital CEOs also stood behind IT provider TransForm, saying that they are “confident” the group is working hard to get systems back online, with a priority on clinical services.

“We apologize for this. And we apologize for the inconvenience this has had and the issues this has caused for the patients in our community,” said Windsor Regional Hospital CEO David Musyj.

“But I can tell you individually and collectively, our focus is on them and our focus is on our staff to regain that trust.”

Here are the latest updates each hospital shared.

Bluewater Health 

Bluewater Health in Sarnia says without access to its systems, “there has been an impact on our families and patient experience.”

CEO Paula Reaume-Zimmer says urgent and emergency cases have been prioritized and as a result, their diagnostic imaging department has had to cancel more than 3,500 appointments, causing a “significant and growing backlog.”

She also says labs in the Sarnia and Petrolia regions are deferring walk-in, non-urgent cases to deal with emergent ones.

She says staff have been notifying patients of changes to their appointments, but that in some cases the patient hasn’t been told until they have arrived at the hospital.

Bluewater Health in Sarnia is one of five area hospitals currently experiencing a cyber attack. Bluewater Health in Sarnia is one of five area hospitals currently experiencing a cyber attack.

Bluewater Health in Sarnia is one of five area hospitals currently experiencing a cyber attack.

Bluewater Health in Sarnia had the greatest amount of patient data stolen during the cyberattack. It has started reaching out to 20,000 patients to make them aware of their social insurance number being stolen. (Kerri Breen/CBC)

Out of all the affected facilities, Bluewater Health has had the greatest amount of patient information leaked onto the dark web.

As a result of the cybercriminals gaining access to a patient database, information on all of Bluewater Health’s 267,000 patients that have attended the facility, and its predecessors, since 1992, have had their information stolen.

Starting Friday, Reaume-Zimmer said staff are reaching out to about 20,000 patients who have had their social insurance numbers (SINs) compromised.

The hospital said in a news release Friday that it has opened a phone line dedicated to dealing with this. It advises anyone who visited the hospital as of November 1999 for a work-related injury, such as a Workplace Safety and Insurance Board claim to phone (519) 346-4604.

As of Friday, the phone lines will be available from 9 a.m. to 5 p.m.

The hospital also notes that people should be aware of ongoing scams and not provide their SIN over the phone.

Reaume-Zimmer said there is still additional stolen information that they are still investigating.

Windsor Regional Hospital 

Windsor Regional Hospital CEO David Musyj says that diagnostic imaging and their curative radiation treatments took the largest hit during this attack.

Musyj said the number of diagnostic imaging appointments for a CT scan or MRI that need to be rescheduled are “into the thousands.” For other imaging, he said they are working to get these appointments done through community partners.

CEO of Windsor Regional Hospital David Musyj says the hospital’s diagnostic imaging and curative radiation treatments were paused due to the attack. As of Friday, radiation has been restored at full service. (Amy Dodge/CBC)

He added that though surgeries were postponed, they got back on track a few days after the cyberattack.

As of Friday, the hospital said that its curative radiation treatments are back up to full capacity.

The hospital says that for patients who had to go elsewhere to get their treatment, they are being told to complete their treatment at the location they started at for continuity of care and to avoid further delays.

On Nov. 6, the hospital had said in a news release that some patient data was breached and that included their name and a summary of their medical condition. It had also said some employee information was impacted, though that doesn’t appear to include SIN or banking information.

Hotel-Dieu Grace Healthcare

Services and programs at Windsor’s Hotel-Dieu Grace, according to CEO Bill Marra, have not been impacted by the cyberattack. He added that while there has been some efficiency and timing issues, all of their inpatient and outpatient programs have been running.

Marra said that the hospital is only aware of an employee database being stolen, which included information on 1,396 current and former employees. These are workers who started their employment at the hospital as of Nov. 4, 2022.

Kristin Kennedy is the president and CEO of Erie Shores HealthCare. The hospital introduced a new cancer care satellite clinic on Wednesday, Sept. 13, 2023. Kristin Kennedy is the president and CEO of Erie Shores HealthCare. The hospital introduced a new cancer care satellite clinic on Wednesday, Sept. 13, 2023.

Kristin Kennedy is the president and CEO of Erie Shores HealthCare. The hospital introduced a new cancer care satellite clinic on Wednesday, Sept. 13, 2023.

Kristin Kennedy is the president and CEO of Erie Shores HealthCare. (Dale Molnar/CBC)

Full names, SINs and basic rates of pay were stolen, according to Marra, who added that they aren’t aware of any banking information having been taken. He said these people will be receiving a letter in the mail.

“Our resiliency has been once again tested by way of a crisis and once again we demonstrated that we put our people, our patients, our clients and our community first,” he said.

Erie Shores Healthcare

Kristin Kennedy, the CEO of Erie Shores Healthcare in Leamington, says the biggest impact has been on their diagnostic imaging, with ultrasounds, CT scans and mammograms having to be rescheduled. Some of these appointments have been delayed by six weeks.

X-rays and nuclear tests, according to Kennedy, have continued.

By the end of November, Kennedy says they anticipate that full capacity for imaging will be restored and that by the end of December, services will have fully resumed.

Kennedy says the reason for the delays is because radiologists have limited capacity to read the images.

Bill Marra is the president and CEO of Hotel-Dieu Grace Healthcare and said he's working with community partners to improve mental health care in Windsor-Essex.Bill Marra is the president and CEO of Hotel-Dieu Grace Healthcare and said he's working with community partners to improve mental health care in Windsor-Essex.

Bill Marra is the president and CEO of Hotel-Dieu Grace Healthcare and said he’s working with community partners to improve mental health care in Windsor-Essex.

Bill Marra is the president and CEO of Hotel-Dieu Grace Healthcare. He says the hospital’s services and programs will able to still function despite the attack, though there may have been some timing delays. (Jason Viau/CBC)

She says to mitigate this issue they are creating a separate system to “fill the current gap,” and that this system will provide “redundancy” that will protect the imaging services against similar issues in the future.

There’s been 350 current and previous staff members whose information has been stolen, according to Kennedy. In particular, she says their names and SINs have been taken. The employees worked during two pay periods, June 2019 and January 2020.

She added that banking information is not part of this.

Kennedy says they are still looking at remaining data that might have been leaked.

Chatham-Kent Health Alliance 

Chatham-Kent Health Alliance CEO Lori Marshall said that in the first few days of the attack, surgeries and procedures were rescheduled, but since then the hospital has returned to “more normal” volumes.

The hospital says it has deferred new chemotherapy patients to London, but will transition those patients back once their systems are up and running.

Stroke patients have also been sent via ambulance to either Windsor Regional Hospital or London Health Sciences Centre.

Marshall says the hospital is relying on community partners to help them do imaging, but cancer patients with imaging needs are being sent to London.

Lori Marshall, CEO of the Chatham-Kent Health Alliance, says they will follow the first priority group laid out by the province.Lori Marshall, CEO of the Chatham-Kent Health Alliance, says they will follow the first priority group laid out by the province.

Lori Marshall, CEO of the Chatham-Kent Health Alliance, says they will follow the first priority group laid out by the province.

Lori Marshall is the CEO of the Chatham-Kent Health Alliance. (Dale Molnar/CBC)

“In times like these, it is easy to feel overwhelmed and frustrated and vulnerable. The impact of the cyberattack extends far beyond the digital realm and when it affects an institution like a hospital, we know that it has real-life impacts,” she said.

As for the data that has been leaked, Marshall confirmed that a database report containing information on about 1,446 employees, who started working at the organization as of Feb. 2, 2021, was breached.

The information stolen includes names, addresses, SINs, gender, marital status, date of birth and pay rates. Marshall says no banking information was taken.

Marshall says that these employees will be notified by the end of this week and early next week.

Hospitals address transparency concerns

Since the cyberattack took place, hospital IT provider TransForm and the impacted hospitals have released eight joint news statements.

CBC News has repeatedly asked for interviews or the opportunity to ask questions during the last four weeks, but has been declined.

Friday was the first time that the hospital CEOs took questions from the media.

Before reporters asked questions, a spokesperson for one of the hospitals said that for “security reasons” CEOs could not comment on the specific actions of the cybercriminal or the steps being taken to secure the new system.

When asked why CEOs waited four weeks to speak about the situation, as well as why they haven’t been more forthcoming with answering questions, Marra of Hotel-Dieu Grace said he believes the hospitals have been very transparent.

In addition to several news releases, Marra said that “our communication has been with our people, our patients, working with the privacy commissioner, having town halls, meeting with our staff one on one on the units, issuing letters and notices.”

“So there has been transparency, it may not meet the standard of some people, but we have done an exceptionally good job, in a very responsible and safe way to not further compromise what we’ve already experienced,” he said.

He also added that they’ve had to protect the integrity of ongoing police investigations.

——————————————————–


Click Here For The Original Source.

National Cyber Security

FREE
VIEW