Second batch of data stolen in hospital ransomware attack appears to have been leaked
A notorious ransomware group who claims to be behind the recent cyberattack targeting five southwestern Ontario hospitals appears to have published a second batch of data online.
CTV News has viewed a portion of the site on the dark web where the data appears to be leaked.
The latest release appears to include patient data related to COVID-19 vaccinations and medications, as well as internal hospital files – including some with employee information that is password-protected.
The first release of patient and staff data was published by the group ‘Daixin Team’ this past Wednesday.
Since Oct. 23, some online services at Bluewater Health, Chatham-Kent Health Alliance, Erie Shores Healthcare, Hotel-Dieu Grace Healthcare and Windsor Regional Hospital have been down due to the outage, prompting cancer surgeries and appointments to be rescheduled.
Local police, including the OPP are investigating the cyberattack, along with the FBI and INTERPOL.
The FBI and Homeland Security in the U.S. have issued warning separately about the Daixin Team targeting hospitals.
The advisory describes Daixin as a “..cybercrime group that is actively targeting U.S. businesses, predominantly in the Healthcare and Public Health (HPH) Sector, with ransomware and data extortion operations.” It goes on to say that “The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022.”
A publication called databreaches.net says it has spoken directly with members of the Daixan Team.
They say the group may hold off on leaking 100 per cent of the data in their possession and instead choose to sell it to data brokers.
The motivations behind the attack are unclear, but hospital officials say they are unwilling to pay the ransom amount requested by the cyberattackers.