Notorious ransomware group claims responsibility for local hospitals cyberattack
A nefarious band of cyber-criminals called ‘Daixin Team’ is claiming to be the group responsible for the recent cyberattack that stole millions of sensitive files from five southwestern Ontario hospitals and published some of that data after ransom demands were denied.
The hackers were able to shut down the hospitals’ shared systems, operated by TransForm, on Oct. 23, 2023, blocking access to patient records, leaving the hospital to resort to paper records to process patients.
Aside from disabling the group of hospital’s systems, the hackers also stole large amounts of data, including personal information and hospital records of patients and staff.
The criminal organization claims to possess millions of pieces of data it stole. On Thursday, the hospitals acknowledged the data was being published after it refused to bend to ransom demands from the hackers, a number purported to be in the millions.
“The perpetrators are a sophisticated web of people who extort the healthcare sector,” said Windsor Regional Hospital president David Musyj at Thursday’s regularly scheduled board meeting. “We are not the first healthcare system to be struck by these bandits and we will not be the last.”
CTV has obtained a link to the leaked information, which exists on the “dark web.”
According to databreaches.net, Daixin Team shared information with them regarding the cyberattack, including a back-and-forth exchange between a negotiator and Daixin before the ransom deadline.
In that thread, the person negotiating on behalf of the hospitals and Transform indicated the hospital is unwilling to pay.
“We have strongly considered your demands, but we cannot pay. We have to use our money, all of our money, for our patients,” the negotiator said in the thread.
“We understand that this will upset you. But please know this: cancer treatment is being cancelled. Surgeries are being postponed. Our patients are hurting. We are doing our best to restore our operations, and we will recover. But this attack has resulted in actual pain and suffering,” the negotiator said.
“We cannot pay, and we are asking you to delete the data and leave us alone. Our patients and staff have endured enough,” said the thread posted to Databreaches.net.
The response back from Daixin before the ransom deadline indicated the fastest way to restore hospital systems is payment.
“Either way — we’re not upset, we’ll pour your data into our leak site after the timer expires,” said Daixin in the databreaches.net thread. “We understand that money is more important to you than patients — we’re alike in that.”
Windsor Regional Hospital has not confirmed the authenticity of the exchange. Bluewater Health has not yet responded to interview requests made Friday.
Local police, including the OPP are investigating the cyberattack, along with the FBI and INTERPOL.
The FBI and Homeland Security in the U.S. have issued a warning separately about the Daixin Team targeting hospitals.
The advisory describes Daixin as a “..cybercrime group that is actively targeting U.S. businesses, predominantly in the Healthcare and Public Health (HPH) Sector, with ransomware and data extortion operations.” It goes on to say that “The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022.”
The affected hospitals in this latest cyberattack include Bluewater Health in Sarnia, Windsor Regional Hospital, the Windsor-Essex Hospice and Hotel Dieu Grace Healthcare in Windsor, Erie Shores Healthcare in Leamington and Chatham-Kent Health Alliance.
According to Musyj, restoring access to critical systems could take some time.
“This is not something you can do overnight. This will take time, this will take weeks,” he said. “We are hopeful that over the next few weeks we'll be able to bring back our clinical applications one by one.”
Musyj indicates the process to fully restore systems in a safe manner is being handled by experts with a lot of experience in this realm.
One of the more prominent impacts was at the cancer centre in Windsor, where cancer radiation treatment had to be moved to other jurisdictions until the systems are back up and running.
“Our collective focus is on cancer patients and getting those systems up quickly but safely we're doing our very best to recover as safely and quickly as possible,” Musyj said.
Information technology experts say institutions around the world are targeted for ransoms, but sometimes, it’s simply about bragging rights.
“One big thing with hackers, we find, when they can say, ‘hey, we've done this’ and they want to give themselves a little pat on the back,” said Frank Abbruzzese, the president of AlphaKOR in Windsor.
“The hackers themselves, whether we like it or not, they're probably taking great pride in their own little victory,” he said. “But no money.”
CTVNews.ca Top Stories
![](https://www.ctvnews.ca/polopoly_fs/1.6975012.1721775341!/httpImage/image.jpg_gen/derivatives/landscape_800/image.jpg)
Canadian Olympic Committee offers 'heartfelt apology' after New Zealand accuses Canada Soccer of spying
The Canadian Olympic Committee offered a 'heartfelt' apology to New Zealand Football Tuesday after the New Zealand women's club accused the Canadian women's team of spying on them during a training session.
Pennsylvania state police commissioner reveals stunning details about Trump shooting
A local law enforcement commissioner revealed during a House Homeland Security hearing on Tuesday stunning new details about the security failures that led to the near assassination of Donald Trump, raising more questions for the embattled U.S. Secret Service.
Polar bear at Calgary Zoo died by drowning following 'crushing' injury
The Wilder Institute/Calgary Zoo has revealed the cause of death for polar bear Baffin last week.
Clip resurfaces of Vance criticizing Harris for being 'childless,' testing Trump's new running mate
Comments Donald Trump’s running mate JD Vance made in 2021 questioning U.S. Vice President Kamala Harris’ leadership because she did not have biological children have resurfaced, testing the young conservative senator in his early days campaigning as part of the Republicans' presidential ticket.
Sunday was the hottest day ever recorded on Earth, scientists say
Sunday was the hottest day ever recorded, breaking global temperatures dating back to 1940, according to preliminary data from Europe's Copernicus Climate Change Service.
Jasper evacuees forced into B.C. to flee fires told to make U-turn to Alberta for aid
Thousands of wildfire evacuees forced from Jasper National Park into British Columbia along smoke-choked mountain roads Monday night were directed Tuesday to make a wide U-turn and head home if they needed a place to stay.
'Bigger than just the record': Football fan eyes world record for quickest visit to all CFL stadiums
A CFL super fan is two-thirds of the way into his record-breaking attempt to visit all nine stadiums in the Canadian Football League in 15 days.
Laws that could get Canadians in trouble in tourism hotspots
There are some laws in popular tourist destinations around the world that could land Canadian travellers in mild-to-serious trouble if they're not careful. Don't let these local laws land you in hot water during your next vacation abroad.
'Stars are aligning' for Bank of Canada rate cut: economists
The Bank of Canada is expected to deliver a dose of interest rate relief Wednesday when economists and market watchers predict the central bank will cut its overnight lending rate.