Skip to main content

Ransomware attack at southwestern Ontario hospitals compromises patient, employee data

Share

The data of certain patients and employees have been compromised due to a ransomware attack, several southwestern Ontario hospitals say.

In a joint statement released on Tuesday, Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare and Windsor Regional Hospital, and their shared service provider TransForm Shared Service Organization confirmed that they had been targeted in a cybersecurity incident.

“Working with leading cybersecurity experts, we have determined through our investigation that, unfortunately, certain patient, employee and professional staff data has been taken, and there is the possibility that the actors responsible for this attack may publish some of the stolen data,” the statement read.

“We continue to investigate to determine the exact data impacted, and any individuals whose data was affected by this cyberattack will be notified in accordance with the law.”

Some online services at the hospitals have been down since Oct. 24.

According to the Canadian Centre for Cyber Security, a ransomware attack involves cybercriminals using malicious software to encrypt, steal, or delete a user's or an organization’s data and then demand payment to restore it.

The centre said ransomware is the most common threat Canadians face and is on the rise. It noted that the attack can have severe impacts, including core business downtime, permanent data loss, intellectual property theft, privacy breaches, reputational damage and expensive recovery costs.

Windsor Regional Hospital is seen here on April 9, 2021. (Bob Bellacicco/CTV News Windsor)

The hospitals said they are working around the clock to restore their systems. On their websites, the hospitals have posted messages alerting their patients that they continue to experience a system outage due to the attack.

The hospitals said they are working closely with different local and international law enforcement agencies, including the INTERPOL and the Federal Bureau of Investigation. They added that they had notified the Ontario Information and Privacy Commissioner and other regulatory organizations.

“We understand the impact this incident is having on members of our community, including patients and our employees and professional staff, and deeply apologize for the inconvenience this has caused. We want to thank everyone for their patience during this time,” the hospitals said.

They noted that they will do their best to contact patients in advance if they have a scheduled appointment that needs to be rescheduled.

The hospitals also advise patients who do not need emergency care to attend their primary care provider or local clinic.

CTVNews.ca Top Stories

Stay Connected