Cancer treatments cancelled after Canadian hospitals hit by ransomware attack

A ransomware attack impacting five hospitals in southwestern Ontario, Canada, has seen hackers gain access to a database containing 5.6 million patient visits, and the social insurance numbers of over 1400 employees.

The attack against IT service provider TransForm, which took place on October 23, resulted in outages in IT systems at Windsor Regional Hospital, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, Bluewater Health and Chatham-Kent Health Alliance, leaving patients facing appointment delays and cancelled surgeries.

Cancer patients expecting radiation treatment at Windsor Regional Hospital reportedly faced the inconvenience and discomfort of being transferred to other hospitals earlier this month, due to disruption caused by the attack.

Local media reported that the breach of TransForm's infrastructure prompted the shut down of hospital email systems, Wi-Fi, and patient information systems - forcing staff to resort to using pen and paper.

The ransomware group known as the Daixin Team has claimed responsibility for the attack, which saw the destruction of backups.  Although a negotiator working on behalf of the hospitals is said to have been in touch with the criminals behind the attack, it is understood that they have told the extortionists that no ransom will be paid.

We have strongly considered your demands, but we cannot pay. We have to use our money, all of our money, for our patients. We understand that this will upset you. But please know this: cancer treatment is being cancelled. Surgeries are being postponed. Our patients are hurting. We are doing our best to restore our operations, and we will recover. But this attack has resulted in actual pain and suffering. We cannot pay, and we are asking you to delete the data and leave us alone. Our patients and staff have endured enough.

It is thought that the attackers were hoping to receive a ransom of approximately $4 million.

The ransomware group has dumped hundreds of gigabytes of data stolen from the hospitals' internal servers and is threatening to continue to leak more or sell it on underground forums to scammers and fraudsters.

Information published on Daixin Team's leak site include records related to patients' COVID-19 vaccinations (including names and dates), as well as documents related to specific patients' diagnoses and medication.

A representative of Daixin Team told Databreaches.net that system administrators working for TransForm had made the mistake of using the same passwords "everywhere," and that this and a lack of segmentation helped them infiltrate across the networks.