Tens of thousands of patients in Chatham-Kent will soon be notified that their information was stolen as part of a cyberattack and massive data breach at five southwestern Ontario hospitals.
Around 69,000 current and former patients of the Chatham-Kent Health Alliance (CKHA) will begin receiving letters in the mail next week, stating that their information was stolen by cybercriminals during the attack on October 23, 2023.
Along with CKHA, the cyberattack targeted Bluewater Health, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare and Windsor Regional Hospital, along with their shared services provider, TransForm Shared Service Organization.
Thousands of patients at the other hospitals will also receive notification letters. Hospital officials said if a patient was seen at multiple hospitals, they will likely receive multiple letters.
“We deeply regret any distress this has caused to our patients and their families and we extend our sincerest apologies for the inconvenience and anxiety that this incident has caused,” said CKHA President and CEO Lori Marshall.
Leadership from the five hospitals said a review of affected data was recently completed, which included patient and employee information. This could include a patient’s name, address, name of treatment, diagnosis, appointment dates, and very few health card numbers. Patient Social Insurance Numbers were not impacted and except for Bluewater Health, no electronic medical records were stolen.
“Much work has been done to date to enhance our cyber security measures to ensure we can better defend ourselves against these types of attacks that have, unfortunately, become all too common,” said Marshall.
The hospitals worked with Ontario’s Information and Privacy Commissioner on their approach to notifying individuals affected by the data breach.
Municipal police departments, the Ontario Provincial Police, INTERPOL and the FBI are all actively investigating the cyberattack.