Further Update on Cyber Attacks At Regional Hospitals

Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare and Windsor Regional Hospital, and their shared service provider, TransForm Shared Service Organization, were recently the victims of a ransomware attack.

Progress has been made in evaluating the affected data and preliminary conclusions show that the attack did not involve the theft of databases linked to:

  • Employee Payroll
  • Accounts Payable (i.e. vendor payments or payments to professional staff)
  • Electronic Health Record for all institutions other than Bluewater Health
  • Donor information

The attackers targeted a Bluewater Health patient database report. They also were able to steal data from an operations file server that housed a segmented employee shared drive used by all our hospitals. The shared drive data included patient and employee information of varied amounts and sensitivity.

This incident has affected each institution differently. Some are less severely impacted than others. The stolen data is in many formats, some of which are easier to analyze.

The following is an initial update on what is known right now. It is not a comprehensive report on the stolen data, as analysis remains ongoing.

It is important to note this is not the official notification to individuals.

Erie Shores HealthCare

ESHC’s Electronic Health Record was not affected by this incident. The impacted shared drive did contain some ESHC patient information that ESHC is currently analyzing.

ESHC has identified a limited set of stolen data that includes approximately 352 current and past employee social insurance numbers. As it does not appear that the entire workforce was affected, ESHC will be individually notifying those impacted.

No banking information was stolen.

ESHC has been distributing two years of complimentary credit monitoring, on site, since Monday, October 30. ESHC will continue to provide this, on site, to current employees for the foreseeable future, and we encourage all employees to sign up. For those past employees included in the affected data who have not signed up in person, ESHC will be mailing you a letter with your unique credit monitoring code and instructions.

Bluewater Health

BWH can confirm the theft of a database report. The stolen data includes information about approximately 5.6 million patient visits made by approximately 267,000 unique patients. The stolen database report did not include clinical documentation records. BWH is still in the process of determining the precise individuals included in this database report and the data that was taken, and will notify those affected in accordance with the law.

While it does appear that information pertaining to employees was affected to some degree, BWH has reached the preliminary conclusion that no employee or professional staff social insurance numbers or banking information was taken. Since Monday, October 30, BWH has been distributing two years of complimentary credit monitoring to all employees and professional staff.

Windsor Regional Hospital

A very limited portion of a shared drive used by hospital staff was accessed by the attackers. The preliminary review indicates that in the shared drive that was breached, some patients were identified by name only, and some with a brief summary of their medical condition, but not with any patient charts/electronic medical records.

While it does appear that information pertaining to employees was affected to some degree (e.g. staff schedules), WRH has reached the preliminary conclusion that no employee or professional staff social insurance numbers or banking information were affected. Since Monday, October 30, Windsor Regional Hospital has been distributing two years of complimentary credit monitoring to all employees and professional staff.

Hôtel-Dieu Grace Healthcare

HDGH’s Electronic Health Record was not affected by this incident. The breached shared drive did contain some HDGH patient information that HDGH is currently analyzing.

While it does appear that some information pertaining to employees was stolen, HDGH has reached the preliminary conclusion that no employee or professional staff social insurance numbers or banking information were taken. Since Monday, October 30, HDGH has been distributing two years of complimentary credit monitoring to all employees and professional staff.

Chatham-Kent Health Alliance

CKHA’s Electronic Health Record was not affected by this incident. The impacted shared drive did contain some CKHA patient information that CKHA is currently analyzing.

CKHA can confirm the theft of an employee database report containing information about 1446 individuals employed by CKHA as of February 2, 2021. If you were employed by CKHA on that date, CKHA believes that your data was taken, including name, address, social insurance number, gender, marital status, date of birth and basic pay rate. This database report does not appear to include professional staff or volunteers.

No banking information was stolen.

CKHA has been distributing two years of complimentary credit monitoring, on site, since Monday, October 30. CKHA will continue to provide this, on site, to current employees for the foreseeable future, and we encourage all employees to sign up. For those past employees included in the database report who have not signed up in person, CKHA will be mailing you a letter with your unique credit monitoring code and instructions.

Next Steps

All hospitals are committed to transparency and will provide regular updates as we learn more. The teams continue to work around the clock to restore systems. In the coming days, a timeline on the restoration of operations at our facilities will be provided.

These findings have been reported to the Ontario Information and Privacy Commissioner, and everyone who has been affected will receive notification in accordance with the law.

A patient cybersecurity hotline has been established. For inquiries please call 519-437-6212 (8 a.m. to 11 p.m. Monday through Friday). Staff questions can be directed to their HR teams.
