Notorious ransomware group claims responsibility for local hospitals cyberattack
A nefarious band of cyber-criminals called ‘Daixin Team’ is claiming to be the group responsible for the recent cyberattack that stole millions of sensitive files from five southwestern Ontario hospitals and published some of that data after ransom demands were denied.
The hackers were able to shut down the hospitals’ shared systems, operated by TransForm, on Oct. 23, 2023, blocking access to patient records, leaving the hospital to resort to paper records to process patients.
Aside from disabling the group of hospital’s systems, the hackers also stole large amounts of data, including personal information and hospital records of patients and staff.
The criminal organization claims to possess millions of pieces of data it stole. On Thursday, the hospitals acknowledged the data was being published after it refused to bend to ransom demands from the hackers, a number purported to be in the millions.
“The perpetrators are a sophisticated web of people who extort the healthcare sector,” said Windsor Regional Hospital president David Musyj at Thursday’s regularly scheduled board meeting. “We are not the first healthcare system to be struck by these bandits and we will not be the last.”
CTV has obtained a link to the leaked information, which exists on the “dark web.”
According to databreaches.net, Daixin Team shared information with them regarding the cyberattack, including a back-and-forth exchange between a negotiator and Daixin before the ransom deadline.
In that thread, the person negotiating on behalf of the hospitals and Transform indicated the hospital is unwilling to pay.
“We have strongly considered your demands, but we cannot pay. We have to use our money, all of our money, for our patients,” the negotiator said in the thread.
“We understand that this will upset you. But please know this: cancer treatment is being cancelled. Surgeries are being postponed. Our patients are hurting. We are doing our best to restore our operations, and we will recover. But this attack has resulted in actual pain and suffering,” the negotiator said.
“We cannot pay, and we are asking you to delete the data and leave us alone. Our patients and staff have endured enough,” said the thread posted to Databreaches.net.
The response back from Daixin before the ransom deadline indicated the fastest way to restore hospital systems is payment.
“Either way — we’re not upset, we’ll pour your data into our leak site after the timer expires,” said Daixin in the databreaches.net thread. “We understand that money is more important to you than patients — we’re alike in that.”
Windsor Regional Hospital has not confirmed the authenticity of the exchange. Bluewater Health has not yet responded to interview requests made Friday.
Local police, including the OPP are investigating the cyberattack, along with the FBI and INTERPOL.
The FBI and Homeland Security in the U.S. have issued a warning separately about the Daixin Team targeting hospitals.
The advisory describes Daixin as a “..cybercrime group that is actively targeting U.S. businesses, predominantly in the Healthcare and Public Health (HPH) Sector, with ransomware and data extortion operations.” It goes on to say that “The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022.”
The affected hospitals in this latest cyberattack include Bluewater Health in Sarnia, Windsor Regional Hospital, the Windsor-Essex Hospice and Hotel Dieu Grace Healthcare in Windsor, Erie Shores Healthcare in Leamington and Chatham-Kent Health Alliance.
According to Musyj, restoring access to critical systems could take some time.
“This is not something you can do overnight. This will take time, this will take weeks,” he said. “We are hopeful that over the next few weeks we'll be able to bring back our clinical applications one by one.”
Musyj indicates the process to fully restore systems in a safe manner is being handled by experts with a lot of experience in this realm.
One of the more prominent impacts was at the cancer centre in Windsor, where cancer radiation treatment had to be moved to other jurisdictions until the systems are back up and running.
“Our collective focus is on cancer patients and getting those systems up quickly but safely we're doing our very best to recover as safely and quickly as possible,” Musyj said.
Information technology experts say institutions around the world are targeted for ransoms, but sometimes, it’s simply about bragging rights.
“One big thing with hackers, we find, when they can say, ‘hey, we've done this’ and they want to give themselves a little pat on the back,” said Frank Abbruzzese, the president of AlphaKOR in Windsor.
“The hackers themselves, whether we like it or not, they're probably taking great pride in their own little victory,” he said. “But no money.”
CTVNews.ca Top Stories
opinion Tom Mulcair: Prime Minister Justin Trudeau's train wreck of a final act
In his latest column for CTVNews.ca, former NDP leader and political analyst Tom Mulcair puts a spotlight on the 'spectacular failure' of Prime Minister Justin Trudeau's final act on the political stage.
B.C. mayor gets calls from across Canada about 'crazy' plan to recruit doctors
A British Columbia community's "out-of-the-box" plan to ease its family doctor shortage by hiring physicians as city employees is sparking interest from across Canada, says Colwood Mayor Doug Kobayashi.
Two U.S. Navy pilots shot down over Red Sea in apparent 'friendly fire' incident, US military says
Two U.S. Navy pilots were shot down Sunday over the Red Sea in an apparent 'friendly fire' incident, the U.S military said, marking the most serious incident to threaten troops in over a year of America targeting Yemen's Houthi rebels.
'There’s no support': Domestic abuse survivor shares difficulties leaving her relationship
An Edmonton woman who tried to flee an abusive relationship ended up back where she started in part due to a lack of shelter space.
opinion King Charles' Christmas: Who's in and who's out this year?
Christmas 2024 is set to be a Christmas like no other for the Royal Family, says royal commentator Afua Hagan. King Charles III has initiated the most important and significant transformation of royal Christmas celebrations in decades.
OPP find wanted man by chance in eastern Ontario home, seize $50K worth of drugs
A wanted eastern Ontario man was found with $50,000 worth of drugs and cash on him in a home in Bancroft, Ont. on Friday morning, according to the Ontario Provincial Police (OPP).
Ottawa MP Mona Fortier appointed chief government whip
Ottawa-Vanier MP Mona Fortier has been appointed as chief government whip, the latest addition in a major reshuffle of Prime Minister Justin Trudeau's cabinet.
Can the Governor General do what Pierre Poilievre is asking? This expert says no
A historically difficult week for Prime Minister Justin Trudeau and his Liberal government ended with a renewed push from Conservative Leader Pierre Poilievre to topple this government – this time in the form a letter to the Governor General.
Baseball Hall of Famer Rickey Henderson dead at 65, reports say
Rickey Henderson, a Baseball Hall of Famer and Major League Baseball’s all-time stolen bases leader, is dead at 65, according to multiple reports.