Five hospitals in southwestern Ontario have been grappling with a crippling ransomware attack for twelve days, severely impacting healthcare services in the region. Recently, a cybercriminal group took responsibility for the attack, shedding light on the incident and claiming to have stolen millions of private patient records.
Windsor Regional Hospital’s chief executive officer, David Musyj, provided a comprehensive update on the situation. He revealed that the affected hospitals had closely considered the ransom demand but ultimately decided against paying it. Musyj expressed distrust in the criminals’ promise to delete the stolen information and emphasized that paying the ransom would not expedite the safe restoration of the hospital network.
This marks the first time Musyj has spoken publicly about the attack, countering the claims made by the cybercriminals in their online blog. Following the hospitals’ refusal to pay the ransom, the hackers followed through on their threat by releasing a portion of private health information. These revelations, including details about the cybercriminal group behind the attack, have been unveiled in an article from DataBreaches.net, a website maintained by an anonymous individual known as Dissent Doe.
Dissent Doe, who has been reporting on cybersecurity issues since 2006, disclosed that they lack expertise in cybersecurity. Nonetheless, reports confirmed Dissent’s identity and acknowledged the website’s track record of reliable reporting on cyberattacks. Brett Callow, a threat analyst from Emsisoft, suggests that while Dissent’s reports are reputable, caution should be exercised when considering the claims made by hackers.
Multiple law enforcement agencies, including Interpol and the FBI, are actively investigating the cyberattack, which disrupted essential healthcare services across Windsor-Essex, Chatham-Kent, and Sarnia. The attack on TransForm, the hospitals’ IT provider, necessitated the shutdown of internal health systems, forcing staff to resort to paper charting.
Throughout the ongoing ordeal, cancer patients have had to seek care at other facilities, staff payroll has been disrupted, and personal health information has been posted on the dark web. According to Dissent’s reporting, the group claiming responsibility for the attack is identified as Daixin.
Daixin, according to Dissent, managed to access TransForm’s systems a week before launching the attack on October 23, asserting that the hospital’s network was “completely transparent.” The hackers have also claimed to have destroyed TransForm’s backups. Callow suggests that ransom demands can vary significantly but speculates that in this case, the ransom could exceed $1 million.
In a message exchange published by Daixin, the hospital negotiated with the cybercriminal group, pleading for the safe return of patient data and a return to normalcy. Daixin responded by insinuating that the hospital might end up paying more to restore their systems than the ransom amount. Callow emphasizes that paying a ransom does not guarantee a streamlined or easy recovery process.
Despite the hardships endured over the past 11 days, Musyj commended the hospital staff’s dedication and resilience. He revealed that no ambulatory surgical procedures were delayed, and scheduled surgeries are on the path to recovery. The hospital’s primary focus is on ensuring the safety of cancer patients and their radiation treatments.
Musyj emphasized the hospitals’ collaboration with cybersecurity experts and Ontario Health to regain stability. However, as the hospitals seek to recover from this crisis, the ordeal is far from over, and it is expected to take several weeks for healthcare services to return to normal.