Cybersecurity on alert: Canadian clinics in check
Cyber security at risk: Canadian healthcare faces large-scale data breaches
Five Canadian healthcare facilities have been hit by a ransomware attack that caused the leak of sensitive patient and employee data. The Daixin group claimed responsibility for the action. Investigations are underway.
Contribute to spreading the culture of prevention!
Support our cause with a small donation by helping us raise awareness among users and companies about cyber threats and defense solutions.
A number of healthcare facilities in Canada, five to be exact, have confirmed that they were victims of a ransomware-type cyber attack, resulting in the unauthorized disclosure of sensitive data. The affected hospitals include Bluewater Health, Chatham-Kent Healthcare Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare and Windsor Regional Hospital, as well as TransForm Shared Service Organization, a company that provides services to the aforementioned facilities.
Leak of sensitive data post-attack
The repercussions of the security breach manifest themselves in the release of patient and employee data from a storage unit shared between the affected entities. Bluewater Health disclosed the theft of a patient database report, which included approximately 5.6 million visits from nearly 267,000 unique patients, as well as information on some employees. Checks are currently underway to identify the individuals involved and establish the nature of the personnel information compromised.
Breach announcement details
The breach exposed detailed data of Chatham-Kent Health Alliance staff as of February 2, 2021, including names, addresses and identifying information. In addition, they stole information from a subset of Erie Shores HealthCare patients and social insurance numbers from approximately 352 current and former employees. However, no medical records or social insurance numbers at Windsor Regional Hospital and Hôtel-Dieu Grace Healthcare appear to have been accessed, and no banking information was stolen.
Reaction of hospitals and responsibility for the attack
The joint commitment of the affected hospitals is taking the form of investigations into the stolen material to quantify the extent of the damage and identify the victims. Meanwhile, the Information and Privacy Commission of Ontario has been notified. Although the party responsible for the attack has not been officially identified, the Daixin group has claimed responsibility for the criminal action, claiming the exfiltration of more than 160 GB of data including thousands of sensitive records such as personal identifying information (PII ) and protected health information (PHI). Similar concerns were raised by the US cybersecurity agency CISA and the FBI in October, which reported a growing threat posed by Daixin ransomware to the healthcare sector.Follow us on Threads for more pills like this