Southwestern Ontario hospitals will rebuild network from scratch amid fallout from cyberattack

Hospitals say it could take more than a month to restore systems


Caption: Five southwestern Ontario hospitals have been experiencing a cyberattack for more than two weeks. (Kacper Pempel/Reuters)

All five southwestern Ontario hospitals impacted by a cyberattack just over two weeks ago will rebuild their networks from scratch, the hospitals say in an update Wednesday.
But the hospitals also say the investigation into precisely whose data was taken in the attack is expected to take months.
"Through our investigation we know that all our clinical and non-clinical systems were impacted as they are reliant on a safe secure network," said a statement released by the hospitals' IT provider, TransForm, and distributed by Windsor Regional Hospital, Hotel-Dieu Grace Healthcare, Erie Shores HealthCare, Bluewater Health and Chatham-Kent Health Alliance.
According to TransForm, its experts have advised that rebuilding the network is the "safest" course of action.
The Oct. 23 attack has been contained — the first of five steps to recovery — but experts are still working on identifying the cause, remediating the network, restoring applications and continued monitoring.
Restoration efforts are "on track," officials said, and restoration of digital patient charting is expected by mid-December, which they said will reduce patient delays. Other applications will come back online approaching mid-December.
The update also specifies which systems are impacted and what records doctors may not be able to access: patient records and history, medication lists, pre-admission work-ups or reports from other professionals involved in patients' care.

Media Video | CBC News Windsor : Cybercriminal group claims responsibility for ransomware attack on hospitals

Caption: According to a blog, cybercriminal group Daixin says it has attacked the hospitals in southwestern Ontario and forced them to go dark. CBC's Jennifer La Grassa breaks down more details the group shared about how it got into hospital systems.

"While some of our systems are functional, they are slower than usual and require extra time," officials said in a release. "This affects access to labs and diagnostic imaging."
The hospitals say doctors will cancel procedures if they feel it is unsafe to proceed with some patient information missing. Patients will be rescheduled as soon as possible, the hospitals say.
Residents are also reminded to bring their health card to the hospital when seeking emergency care, and to avoid the hospital except in true emergencies and attend local clinics or their family doctor where possible.
"We want to emphasize to our patients that our physicians and frontline staff are under greater than normal stress due to these unusual circumstances, and they are responding with incredible resolve," the hospitals said.
"We ask the public for their understanding during this time. This has been a challenging situation for employees, professional staff, patients and families, and we thank our community and system partners for their ongoing patience and support."
The hospitals also say they have not paid any ransom demanded by the attackers. Earlier this week they released a list of specific information affected by the hack, including information about 5.6 million patient visits at Bluewater Health and the social insurance numbers of more than 1,400 employees at Chatham-Kent Health Alliance.
TransForm has previously said international law enforcement agencies, including Interpol and the FBI, are involved in the criminal investigation. Experts are also working to determine the specific people whose data may have been taken in the attack, and that process is expected to take "a number of months."
A cybersecurity hotline has been established for patients, available from 8 a.m. to 11 p.m. Monday to Friday at 519-437-6212.

4th batch of data released on dark web, site says

Meanwhile, the cyber criminals who have claimed responsibility for the ransomware attack have released a fourth batch of stolen data, according to sources, including the author of a blog that tracks data breaches.
The hackers told Databreaches.net they have posted 300 records containing sensitive health data, according to the blog.
CBC News has not independently verified the claims, but has verified the identity of the author. An expert told CBC that while the author has a track record of credibility, specific claims made by hackers should be taken with some skepticism.
The author of Databreaches.net says the cyber criminal group Daixin Team has taken responsibility for the ransomware attack in communications with them.