Windsor

CEOs of Ontario hospitals hit by ransomware attack break down impact on operations, patients

For the first time, top leadership from the five hospitals impacted by a ransomware attack in southwestern Ontario answered questions from the media — acknowledging the significant impact the incident has had on care as well as the large amount of stolen data.

Hospital CEOs hold 1st news conference since Oct. 23 attack

A collage featuring signs or exteriors of five hospitals.
Five southwestern Ontario hospitals were hit by a ransomware attack on Oct. 23 that's still having an impact today. (CBC/Erie Shores Healthcare Facebook)

For the first time, top leadership from the five southwestern Ontario hospitals hit by a ransomware attack answered questions from the media — acknowledging the significant impact the incident has had on care, as well as the large amount of stolen data.  

During the roughly 50-minute meeting on Friday, each hospital CEO said their facility has been hard hit by the Oct. 23 attack, but recovery is ongoing and they're getting by with the hard work of staff. With systems down and hospitals unable to access critical information, thousands of patient appointments have been cancelled across the five hospitals, creating backlogs of varying lengths at some of the facilities. 

Some of the institutions also said they have started reaching out to the thousands of patients and staff whose information has been leaked onto the dark web. The hospitals are providing those impacted with a free credit monitoring service. 

The hospital CEOs also stood behind IT provider TransForm, saying they are "confident" the group is working hard to get systems back online, with a priority on clinical services. 

"We apologize for this. And we apologize for the inconvenience this has had and the issues this has caused for the patients in our community," said Windsor Regional Hospital CEO David Musyj. 

"But I can tell you individually and collectively, our focus is on them and our focus is on our staff to regain that trust." 

Here are the latest updates each hospital shared. 

Bluewater Health 

Bluewater Health in Sarnia said that without access to its systems, "there has been an impact on our families and patient experience." 

CEO Paula Reaume-Zimmer said urgent and emergency cases have been prioritized, and as a result, their diagnostic imaging department has had to cancel more than 3,500 appointments, causing a "significant and growing backlog." 

It's unclear how long patients will be waiting to get their appointment, she said. 

She added that staff have been notifying patients of changes to their appointments, but in some cases, the patient hasn't been told until they have arrived at the hospital. 

She also said labs in the Sarnia and Petrolia regions are deferring walk-in, non-urgent cases to deal with emergent ones. 

A photo of a window with the Bluewater health logo
Bluewater Health in Sarnia had the greatest amount of patient data stolen during the cyberattack. It has started reaching out to 20,000 patients to make them aware of their social insurance number being stolen. (Kerri Breen/CBC)

Out of all the affected facilities, Bluewater Health has had the greatest amount of patient information leaked onto the dark web.

As a result of the cybercriminals gaining access to a patient database, information on all of Bluewater Health's 267,000 patients who have attended the facility, and its predecessors, since 1992 has been compromised. 

Starting Friday, Reaume-Zimmer, said staff are reaching out to about 20,000 patients who have had their social insurance numbers (SINs) compromised. 

The hospital said in a news release Friday that it has opened a phone line dedicated to dealing with this. It advises anyone who visited the hospital as of November 1999 for a work-related injury, such as a Workplace Safety and Insurance Board claim, to phone (519) 346-4604. 

As of Friday, the phone lines will be available from 9 a.m. to 5 p.m. 

The hospital also notes people should be aware of ongoing scams and not provide their SIN over the phone. 

Reaume-Zimmer said there is still additional stolen information that they are still investigating. 

Windsor Regional Hospital 

Windsor Regional Hospital CEO David Musyj said diagnostic imaging and their curative radiation treatments took the largest hit during this attack. 

Musyj said the number of diagnostic imaging appointments for a CT scan or MRI that need to be rescheduled are "into the thousands." For other imaging, he said, they are working to get these appointments done through community partners. 

A person stands infront of a microphone.
Windsor Regional Hospital CEO David Musyj said the hospital's diagnostic imaging and curative radiation treatments were paused due to the attack. As of Friday, radiation has been restored at full service. (Amy Dodge/CBC)

He added though surgeries were postponed, they got back on track a few days after the cyberattack. 

As of Friday, the hospital said its curative radiation treatments are back up to full capacity. 

The hospital said that for patients who had to go elsewhere to get their treatment, they are being told to complete their treatment at the location they started at for continuity of care and to avoid further delays. 

On Nov. 6, the hospital said in a news release that some patient data was breached and that included their name and a summary of their medical condition. It had also said some employee information was impacted, though that doesn't appear to include SIN or banking information. 

Hôtel-Dieu Grace Healthcare

Services and programs at Windsor's Hôtel-Dieu Grace Healthcare, according to CEO Bill Marra, have not been impacted by the cyberattack. He added that while there has been some efficiency and timing issues, all of their inpatient and outpatient programs have been running. 

Marra said the hospital is only aware of an employee database being stolen, which included information on 1,396 current and former employees. These are workers who started their employment at the hospital as of Nov. 4, 2022. 

Bill Marra sits at a table with his hands interlocked
Bill Marra, president and CEO of Hôtel-Dieu Grace Healthcare, says the hospital's services and programs will able to still function despite the attack, though there may have been some timing delays. (Jason Viau/CBC)

Full names, SINs and basic rates of pay were stolen, according to Marra, who added that they aren't aware of any banking information having been taken. He said these people will be receiving a letter in the mail. 

"Our resiliency has been once again tested by way of a crisis and once again we demonstrated that we put our people, our patients, our clients and our community first," he said. 

Erie Shores Healthcare

Kristin Kennedy, CEO of Erie Shores Healthcare in Leamington, said the biggest impact has been on their diagnostic imaging, with ultrasounds, CT scans and mammograms having to be rescheduled. Some of these appointments have been delayed by six weeks. 

X-rays and nuclear tests, according to Kennedy, have continued. 

By the end of November, Kennedy said, they anticipate that full capacity for imaging will be restored and that by the end of December, services will have fully resumed. 

Kennedy said the reason for the delays is that radiologists have limited capacity to read the images. 

A woman stands at a podium
Kristin Kennedy, president and CEO of Erie Shores HealthCare, says the ransomware attack's biggest impact has been on their diagnostic imaging. (Dale Molnar/CBC)

She said to mitigate this issue, they are creating a separate system to "fill the current gap," and this system will provide "redundancy" that will protect the imaging services against similar issues in the future. 

The information of 350 current and previous staff members was stolen, according to Kennedy. In particular, she said, their names and SINs have been taken. The employees worked during two pay periods, June 2019 and January 2020. 

She added that banking information is not part of this. 

Kennedy said they are still looking at remaining data that might have been leaked. 

Chatham-Kent Health Alliance 

CEO Lori Marshall said that in the first few days of the attack, surgeries and procedures were rescheduled, but since then, the hospital has returned to "more normal" volumes.

The hospital said it has deferred new chemotherapy patients to London, but will transition those patients back once their systems are up and running. 

Stroke patients have also been sent via ambulance to either Windsor Regional Hospital or London Health Sciences Centre. 

Marshall said the hospital is relying on community partners to help them do imaging, but cancer patients with imaging needs are being sent to London. 

A woman stands in front of a wall.
'The impact of the cyberattack extends far beyond the digital realm and when it affects an institution like a hospital, we know that it has real-life impacts,' says Lori Marshall, CEO of the Chatham-Kent Health Alliance. (Dale Molnar/CBC)

"In times like these, it is easy to feel overwhelmed and frustrated and vulnerable. The impact of the cyberattack extends far beyond the digital realm and when it affects an institution like a hospital, we know that it has real-life impacts," she said. 

As for the data that has been leaked, Marshall confirmed a database report containing information on about 1,446 employees, who started working at the organization as of Feb. 2, 2021, was breached. 

The information stolen includes names, addresses, SINs, gender, marital status, date of birth and pay rates. Marshall said no banking information was taken. 

Marshall said these employees will be notified by the end of this week and early next week. 

Hospitals address transparency concerns

Since the cyberattack took place, hospital IT provider TransForm and the impacted hospitals have released eight joint news statements. 

CBC News has repeatedly asked for interviews or the opportunity to ask questions during the last four weeks, but has been declined. 

Friday was the first time the hospital CEOs took questions from the media. 

WATCH | Hospital CEOs respond to concerns around transparency:

Hospital CEOs defend transparency efforts on ransomware attack

1 year ago
Duration 2:45
Bill Marra, the CEO of Hotel-Dieu Grace Healthcare, and David Musyj, CEO of Windsor Regional Hospital, respond to a question from CBC reporter Jennifer La Grassa on transparency following the cyberattack. In his response, Musyj refers to an expert CBC News spoke with last week who said TransForm, the IT provider at the centre of the attack, is being more transparent than he's seen other companies in these positions be.
 

Before reporters asked questions, a spokesperson for one of the hospitals said that for "security reasons," CEOs could not comment on the specific actions of the cybercriminal or the steps being taken to secure the new system. 

When asked why CEOs waited four weeks to speak about the situation, as well as why they haven't been more forthcoming with answering questions, Marra of Hôtel-Dieu Grace said he believes the hospitals have been very transparent. 

In addition to several news releases, Marra said "our communication has been with our people, our patients, working with the privacy commissioner, having town halls, meeting with our staff one on one on the units, issuing letters and notices." 

"So there has been transparency. It may not meet the standard of some people, but we have done an exceptionally good job, in a very responsible and safe way, to not further compromise what we've already experienced," he said. 

He added they've had to protect the integrity of ongoing police investigations. 

ABOUT THE AUTHOR

Jennifer La Grassa

Videojournalist

Jennifer La Grassa is a videojournalist at CBC Windsor. She is particularly interested in reporting on healthcare stories. Have a news tip? Email jennifer.lagrassa@cbc.ca