Sarnia's Bluewater Health hit hardest in ransomware attack on five hospitals


The bulk of the information stolen in a ransomware attack on five Ontario hospitals was taken from a hospital in Sarnia, with only a limited amount taken from hospitals in Windsor-Essex.

Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare in Leamington, Hôtel-Dieu Grace Healthcare and Windsor Regional Hospital, and their shared service provider TransForm Shared Service Organization, were the victims of a ransomware attack on Oct. 23.

In a statement released Monday, officials say they have made progress in evaluating the affected data and can say the attack did not involve the theft of databases linked to employee payroll, accounts payable, donor information, and electronic health record for all institutions, other than Bluewater Health in Sarnia, which was hit the hardest.

The stolen data from Bluewater Health (BWH) includes information about approximately 5.6 million patient visits made by approximately 267,000 unique patients.

The stolen database report did not include clinical documentation records, but the hospital is still determining precisely which individuals are included in this database report and what data was taken, and will notify those affected in accordance with the law.

Windsor Regional Hospital reports a very limited portion of a shared drive used by hospital staff was accessed by the attackers. 

The preliminary review indicates that, in the shared drive that was breached, some patients were identified by name only, or with a brief summary of their medical condition, but not with any patient charts or electronic medical records.

While it does appear that information pertaining to employees was affected to some degree, Windsor Regional Hospital (WRH) has reached the preliminary conclusion that no employee or professional staff social insurance numbers or banking information were affected.

Hôtel-Dieu Grace Healthcare's Electronic Health Record was not affected by this incident; however, the breached shared drive did contain some HDGH patient information that HDGH is currently analyzing.

Erie Shores HealthCare's Electronic Health Record was not affected by this incident, but the hospital has identified a limited set of stolen data that includes approximately 352 current and past employee social insurance numbers. As it does not appear that the entire workforce was affected, ESHC will be individually notifying those impacted.

No banking information was stolen.

Chatham-Kent Health Alliance's Electronic Health Record was not affected by this incident. The impacted shared drive did contain some CKHA patient information that CKHA is currently analyzing.

A band of cyber-criminals called ‘Daixin Team’ is claiming to be the group responsible for the cyber attack, but a ransom was not paid.

Data connected to the ransomware attack has been published on the internet.

While the hospitals are sharing an update, officials ask everyone to understand that more work must be done to determine precisely which individuals were affected and what data types were taken.

The teams continue to work around the clock to restore systems. In the coming days, officials anticipate providing a timeline on the restoration of operations at the facilities.

A patient cybersecurity hotline has been established. For inquiries please call: 519-437-6212 (8 a.m. to 11 p.m. Monday through Friday).