Data stolen during a ransomware attack at five southwestern Ontario hospitals has been published.
Bluewater Health, the Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, and Windsor Regional Hospital, reported earlier this week that patient and staff data had been compromised as part of a cyberattack that caused a systemwide outage at the hospitals on October 23.
The cyberattack targeted TransForm Shared Service Organization, which runs technology systems at all five hospitals.
Hospital officials have now said the data has been released as part of a blackmail attempt. Experts are reviewing the data to determine its contents.
“Our leaders, on advice by our experts that we could not verify claims by the attacker, decided we would not yield to their ransom demands,” the hospitals said in a joint statement.
By law, the hospitals are required to promptly notify any individual whose data was affected by the cyberattack.
The affected hospitals have notified the Ontario Information and Privacy Commissioner of the data breach. As well, municipal police departments, the Ontario Provincial Police, INTERPOL and the FBI are all actively investigating the cyberattack.
The hospitals continue to be affected by the system outage, which has impacted their access to Wi-Fi, email, and patient information systems.
“The hospitals will continue to do their best to contact patients directly in advance if they have a scheduled appointment with one of our hospitals that needs to be rescheduled,” the hospitals said. “If patients do not need emergency care, we ask that they please attend their primary care provider or local clinic.”
