Shared services provider TransForm has released an update on a recent cyberattack that hit several hospitals in Ontario, Canada, claiming it was a ransomware attack. The organization confirmed that the attackers had stolen a database containing information on 5.6 million patient visits, corresponding to approximately 267,000 people.
TransForm is a not-for-profit shared services organization founded by five hospitals in Erie St. Clair, Ontario to manage their IT, supply chain and accounts payable.
The cyberattack occurred in late October, affecting five hospitals under the organization’s umbrella, including Bluewater Health, also an Ontario hospital that relies on Transform services.
The incident caused disruption, forcing health care providers to reschedule appointments and transfer non-emergencies to other clinics in the area. BleepingComputer contacted the organization at the time, but did not receive any details about the type of attack TransForm faced.
Last week, DataBreaches. reports that the DAIXIN group claimed responsibility for the attack, and the hackers gradually began leaking samples of data stolen from the hospital’s network.
The attackers said they could stop the leak because they were more interested in selling the data to brokers.
In yesterday’s update, TransForm confirmed the ransomware attack and that the hackers have exited their systems. The organization also made it clear that it had no intention of paying the ransom.
“Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare and Windsor Regional Hospital, as well as our shared services provider TransForm Shared Service Organization, were recently victims of a ransomware attack,” the statement said. “We did not pay the ransom and are aware that data related to the cyber incident has been released.” – TransForm
The organization explained that the attackers compromised an operational file server that stored employee data as well as shared disk space used by the affected hospitals.
Shared drives have different implications for hospitals, as each hospital chooses to store different types and amounts of data on them.
Bluewater Health: Data on 5.6 million patient visits, corresponding to 267,000 unique patients.
Chatham-Kent Health Alliance: Data for 1,446 people employed at the hospital as of February 2021. Includes names, addresses, social security numbers, gender, marital status, date of birth, and pay level.
Erie Shores HealthCare: Data on 352 current and former hospital employees.
Windsor Regional Hospital: Data on a limited number of patients, including names and brief descriptions of their conditions.
Hôtel-Dieu Grace Healthcare: data on some patients (currently under analysis)
For Bluewater Health, which released the most data, the release clarified that the information does not include clinical records. However, the exact contents of the stolen files are still under investigation.
TransForm’s announcement ended with an appeal for patience as it takes time to determine the extent of the impact and the type of data exposed. This organization promises to provide regular information on this matter.