The US cybersecurity agency CISA and the FBI had issued warnings about the risks of Daixin ransomware for healthcare organizations.
A data breach impacted various healthcare institutions, including Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, and Windsor Regional Hospital, along with service provider TransForm Shared Service Organization, compromising a shared drive.
On Monday, Bluewater Health revealed that stolen data included a report of a patient database containing details of “approximately 5.6 million patient visits by roughly 267,000 unique patients” and some employee information. The organization is actively identifying affected individuals and investigating compromised employee details.
The compromised data on the shared drive included information about 1,446 individuals employed by Chatham-Kent Health Alliance as of February 2, 2021, such as names, addresses, genders, birthdates, marital statuses, social insurance numbers, and pay rates.
Erie Shores HealthCare experienced theft of some patient data, including “about 352 current and past employee social insurance numbers.”
Windsor Regional Hospital and Hôtel-Dieu Grace Healthcare had limited access to patient and employee information, without compromising medical or social insurance records.
The hospitals confirmed that no banking information was taken. They are actively investigating to identify those affected and diligently working to restore systems. Bluewater Health informed the Ontario Information and Privacy Commissioner about the incident.
Though the organization didn’t officially name the specific threat actor, the Daixin ransomware gang claimed responsibility for the attack, posting allegedly stolen data from the five hospitals online, totaling over 160 GB, including thousands of personally identifiable information (PII) and protected health records.
In October of the previous year, CISA and the FBI had warned healthcare organizations about the risks associated with Daixin ransomware.