Five Canadian hospitals have confirmed that patient and employee data stolen in a ransomware attack has been leaked online.
The data breach impacts Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, and Windsor Regional Hospital, along with service provider TransForm Shared Service Group. A shared drive was compromised as part of the incident.
On Monday, Bluewater Health said that a patient database report that included “roughly 5.6 million patient visits made by roughly 267,000 unique patients” was stolen, along with some employee data, from the shared drive.
The organization is now working on identifying the impacted individuals and is also investigating the type of employee information that was compromised.
The shared drive contained information pertaining to 1,446 individuals employed by Chatham-Kent Health Alliance as of February 2, 2021, including their names, addresses, gender, dates of birth, marital statuses, social insurance numbers, and basic pay rates.
The information of some Erie Shores HealthCare patients was also stolen in the attack, along with “roughly 352 current and past employee social insurance numbers”.
For Windsor Regional Hospital and Hôtel-Dieu Grace Healthcare, limited patient and employee information was accessed, but no medical information or social insurance numbers.
No banking information was stolen in the attack, the hospitals said.
“All hospitals have some degree of patient and employee information affected. All of our hospitals are diligently investigating the stolen data to determine who is impacted. […] The teams continue to work around the clock to restore systems,” Bluewater Health said, noting that the Ontario Information and Privacy Commissioner has been notified of the incident.
While the organization did not name the threat actor behind the attack, the Daixin ransomware gang has claimed responsibility for the incident and has posted online data allegedly stolen from the five hospitals.
The group claims to have exfiltrated more than 160 GB of data, including hundreds of personally identifiable information (PII) and protected health information (PHI) records.
In October last year, the US cybersecurity agency CISA and the FBI warned healthcare organizations of the risk associated with the Daixin ransomware.