Published Nov 06, 2023
The blackmailers who launched a sustained cyberattack against five southwestern Ontario hospitals have posted a third batch of sensitive patient data onto the dark web.
Brett Callow, a threat analyst with the international cybersecurity firm Emsisoft Ltd., said posting the information in stages is part of a strategy to keep pressure on the hospitals and force them to pay the ransom.
“If they were to release all the data in one fell swoop, they would have no chance of being able to extract payment,” said Callow. “If they are releasing it in a series of installments, they still have hope to keep the hospitals and the incident in the news, and keep the pressure on.”
A well-organized cybercrime gang called Daixin Team has claimed responsibility for stealing millions of records from Bluewater Health in Sarnia, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, and Windsor Regional Hospital.
The attack also locked the hospitals out of their own technology-based systems.
The criminals targeted the hospitals through TransForm Shared Service Organization, which runs technology systems for all five facilities.
Windsor Regional Hospital's David Musyj told his board of directors on Thursday that the cyberattack was detected the morning of Oct. 23.
The attack was part of a blackmail scheme, but officials have not said what the ransom demands are.
Hospital officials also have not confirmed exactly what kind of data was stolen. But cybersecurity experts have said it could be a wide range of information, from names and addresses to social insurance numbers and medical histories.
The criminals released the first round of information onto the internet on Thursday. They followed up on Friday with another data dump, promising several more will follow. The third release came over the weekend.
A screen grab from the dark web post, which Callow posted on social media, promises more data releases, including a full leak, which “will be soon.”
Callow said refusing to pay the ransom was the right move.
“I would say it is 100 per cent the right decision not to pay,” he said. “Payment simply keeps other organizations in the gang’s crosshairs.”
“Even if you do pay, they will pinky promise to destroy that stolen data, but there is absolutely no way of knowing that they actually will. Also, payment isn’t necessarily a quick fix way of bringing all the systems back online. It can still be a long and complex process.”
twilhelm@postmedia.com