Shared service provider TransForm has published an update on the cyberattack that recently impacted operations in multiple hospitals in Ontario, Canada, clarifying that it was a ransomware attack. TransForm is a not-for-profit, shared service organization founded by five hospitals in Erie St. Clair, Ontario, to manage their IT, supply chain, and accounts payable. Reported that the DAIXIN Team claimed responsibility for the attack and the hackers gradually started to leak samples of the data stolen from the hospitals' networks. The threat actors stated they might stop the leak as they were more interested in selling it to data brokers. In an update yesterday, TransForm confirmed the ransomware attack and that the hackers exfiltrated from their systems. "Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare and Windsor Regional Hospital, and our shared service provider TransForm Shared Service Organization were recently the victims of a ransomware attack," reads the statement. "We did not pay a ransom and we are aware that data connected to the cyber incident has been published." - TransForm. The organization explained that the attackers compromised an operations file server that hosted employee data, and also shared drive space used by the impacted hospitals. The shared drive has varying impact on the hospitals, as each opted to store different types and amounts of data in it. Bluewater Health: Data on 5.6 million patient visits corresponding to 267,000 unique patients. Chatham-Kent Health Alliance: Data on 1446 individuals who worked in the hospital as of February 2021. Erie Shores HealthCare: Data on 352 current and past employees of the hospital. Windsor Regional Hospital: Data on a limited number of patients, including names and a brief summary of their medical conditions. Hôtel-Dieu Grace Healthcare: Data on some patients. For Bluewater Health, which had the most data exposed, the statement clarifies that the information does not include clinical records. TransForm's announcement concludes by asking for patience as the process of determining the scope of the impact and the types of data that have been exposed is time-consuming. BORN Ontario child registry data breach affects 3.4 million people. Seiko says ransomware attack exposed sensitive customer data. 23andMe hit with lawsuits after hacker leaks stolen genetics data. Genetics firm 23andMe says user data stolen in credential stuffing attack.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000