Ontario hospitals send 326K letters to patients whose info was stolen in cyberattack
Five hospitals in Ontario, which fell victim to a ransomware attack last autumn, are currently in the process of dispatching over 326,000 letters to notify individuals whose personal data was compromised.
The cyber assault, which occurred on October 23, targeted Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, and Windsor Regional Hospital.
In a collective statement, the hospitals clarified that, with the exception of Bluewater Health, electronic medical records remained unaffected by the attack. However, personal health information stored elsewhere within the hospital systems was unlawfully accessed, with some of it surfacing on the dark web.
The hospitals have estimated that approximately 326,800 patients had their data compromised. It’s important to note that this figure might include duplicates for individuals who sought services at multiple hospitals. Patients who had interactions with more than one of the impacted hospitals should anticipate receiving multiple notifications.
“The incident’s complexity necessitated several months for data analysis,” stated the hospitals on Wednesday. “Each hospital was impacted differently, and we meticulously evaluated every affected file to ensure comprehensive patient notification.”
Patients whose social insurance numbers were exposed will also receive information regarding credit monitoring, as outlined in the statement.
The hospitals confirmed that they coordinated their patient notification strategy with Ontario’s Information and Privacy Commissioner and expressed sincere apologies to patients, communities, and healthcare professionals for the disruption caused by the cyber attack.
Apart from the hospitals, the ransomware attack also affected TransForm, a non-profit entity responsible for overseeing the hospitals’ IT systems. The group disclosed that the attack disrupted hospital operations and compromised certain patient, employee, and professional staff data. Despite the ransom demands, the hospitals opted not to comply on expert advice
Zain Hassan is a passionate writer and expert in the realms of cybersecurity and ethical hacking. With a keen interest in technology from a young age, Zain's journey into the world of cybersecurity began with an insatiable curiosity about how systems worked and a desire to understand the intricacies of digital security.
