Notorious ransomware group claims responsibility for local hospitals cyberattack
A nefarious band of cyber-criminals called ‘Daixin Team’ is claiming to be the group responsible for the recent cyberattack that stole millions of sensitive files from five southwestern Ontario hospitals and published some of that data after ransom demands were denied.
The hackers were able to shut down the hospitals’ shared systems, operated by TransForm, on Oct. 23, 2023, blocking access to patient records and leaving the hospitals to resort to paper records to process patients.
Aside from disabling the hospitals’ systems, the hackers also stole large amounts of data, including personal information and hospital records of patients and staff.
The criminal organization claims to possess millions of pieces of data it stole. On Thursday, the hospitals acknowledged the data was being published after they refused to bend to ransom demands from the hackers, a number purported to be in the millions.
“The perpetrators are a sophisticated web of people who extort the healthcare sector,” said Windsor Regional Hospital president David Musyj at Thursday’s regularly scheduled board meeting. “We are not the first healthcare system to be struck by these bandits and we will not be the last.”
CTV has obtained a link to the leaked information, which exists on the “dark web.”
According to databreaches.net, Daixin Team shared information with them regarding the cyberattack, including a back-and-forth exchange between a negotiator and Daixin before the ransom deadline.
In that thread, the person negotiating on behalf of the hospitals and TransForm indicated the hospital is unwilling to pay.
“We have strongly considered your demands, but we cannot pay. We have to use our money, all of our money, for our patients,” the negotiator said in the thread.
“We understand that this will upset you. But please know this: cancer treatment is being cancelled. Surgeries are being postponed. Our patients are hurting. We are doing our best to restore our operations, and we will recover. But this attack has resulted in actual pain and suffering,” the negotiator said.
“We cannot pay, and we are asking you to delete the data and leave us alone. Our patients and staff have endured enough,” said the thread posted to Databreaches.net.
The response back from Daixin before the ransom deadline indicated the fastest way to restore hospital systems is payment.
“Either way — we’re not upset, we’ll pour your data into our leak site after the timer expires,” said Daixin in the databreaches.net thread. “We understand that money is more important to you than patients — we’re alike in that.”
Windsor Regional Hospital has not confirmed the authenticity of the exchange. Bluewater Health has not yet responded to interview requests made Friday.
Local police, including the OPP, are investigating the cyberattack, along with the FBI and INTERPOL.
The FBI and Homeland Security in the U.S. have issued a warning separately about the Daixin Team targeting hospitals.
The advisory describes Daixin as a “..cybercrime group that is actively targeting U.S. businesses, predominantly in the Healthcare and Public Health (HPH) Sector, with ransomware and data extortion operations.” It goes on to say that “The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022.”
The affected hospitals in this latest cyberattack include Bluewater Health in Sarnia, Windsor Regional Hospital, the Windsor-Essex Hospice and Hotel Dieu Grace Healthcare in Windsor, Erie Shores Healthcare in Leamington and Chatham-Kent Health Alliance.
According to Musyj, restoring access to critical systems could take some time.
“This is not something you can do overnight. This will take time, this will take weeks,” he said. “We are hopeful that over the next few weeks we'll be able to bring back our clinical applications one by one.”
Musyj indicates the process to fully restore systems in a safe manner is being handled by experts with a lot of experience in this realm.
One of the more prominent impacts was at the cancer centre in Windsor, where cancer radiation treatment had to be moved to other jurisdictions until the systems are back up and running.
“Our collective focus is on cancer patients and getting those systems up quickly but safely. We're doing our very best to recover as safely and quickly as possible,” Musyj said.
Information technology experts say institutions around the world are targeted for ransoms, but sometimes, it’s simply about bragging rights.
“One big thing with hackers, we find, when they can say, ‘hey, we've done this’ and they want to give themselves a little pat on the back,” said Frank Abbruzzese, the president of AlphaKOR in Windsor.
“The hackers themselves, whether we like it or not, they're probably taking great pride in their own little victory,” he said. “But no money.”