All five southwestern Ontario hospitals impacted by a cyberattack just over two weeks ago will rebuild their networks from scratch, the hospitals say in an update Wednesday.
But the hospitals also say the investigation into precisely whose data was taken in the attack is expected to take months.
“Through our investigation we know that all our clinical and non-clinical systems were impacted as they are reliant on a safe secure network,” said a statement released by the hospitals’ IT provider, TransForm, and distributed by Windsor Regional Hospital, Hotel-Dieu Grace Healthcare, Erie Shores HealthCare, Bluewater Health and Chatham-Kent Health Alliance.
Read more at CBC.
In related news, and as DataBreaches reported earlier this morning on Infosec.Exchange, Daixin contacted this site last night to say that they wouldn’t be dumping databases from Transform as quickly as they would otherwise because they are busy working on something else (translation: they have been working on another victim/incident). But then this morning I woke up to find a message from them that for now, they had released 300 records from a database and they described the records as “interesting.”
The data were sensitive and confidential info of named patients with their demographic info as well as health-related and account-related info. Many of the entries go back to service dates years ago, but they also included some current records. The records include dozens of fields including what service treated the patient (e.g., surgery, psychiatry) and when patients did not want any info given out about them to family or anyone. That ship has now sailed for them.
Eventually, Daixin will dump the databases, unless they have decided to sell those data.