2nd round of data from hospital cyberattack published, site says

The cybercriminals who have claimed responsibility for a ransomware attack on five hospitals in southwestern Ontario have released a second batch of stolen data, according to the author of a blog that tracks data breaches.

The website Databreaches.net says that new records have been posted online containing COVID-19 vaccine records including names, and in some cases their reactions to vaccines.

"Other patient-related files that DataBreaches noted involved named patients' medications and suggestions for medications. Those files, in the form of worksheets and suggestion documents included the patients' names, diagnoses, dates, names and doses of medications, and comments related to the medication regimen for the patient," the post stated.

Some of the data released contains employee information, according to the site.

The blog's author said they have skimmed the new data and other types of files may have been released.

CBC News has not independently verified the claims in the blog, but has verified the identity of the author of the website. An expert told CBC while the author, who uses the pseudonym Dissent Doe, has a track record of credibility, specific claims made by hackers should be taken with some skepticism. 

The author of Databreaches.net says the cybercriminal group Daixin Team has taken responsibility for the ransomware attack in communications with them.

According to the author, the hackers say they are planning to release more information and are considering selling some of the data.

Cybercriminal group claims responsibility for ransomware attack on hospitals

1 year ago

Duration 3:19

According to a blog, cybercriminal group Daixin says it has attacked the hospitals in southwestern Ontario and forced them to go dark. CBC's Jennifer La Grassa breaks down more details the group shared about how it got into hospital systems.

The hospitals have confirmed that some data was released earlier this week.

The ransomware attack happened on Oct. 23. Five hospitals in Windsor-Essex, Chatham-Kent and Sarnia that share the IT producer TransForm provider were hit.

The attack has led to a system outage involving patient records, email and more, and delays in appointments for patients.

In a report to Windsor Regional Hospital's board of directors, chief executive officer David Musyj said the hospital is slowly getting back on track, working hard to restore services. He noted although the impacted hospitals  "closely examined" the ransom demand from the cybercriminals, they decided against paying it. 

"We knew ... that we could not trust the promise of a criminal to delete this information," he said on Thursday.

"We learned that payment would not speed up the safe restoration of our network."