Patient and staff information taken in hospital IT hack


Hospitals, IT company work with OPP, INTERPOL and FBI as hackers demand ransom

Bluewater Health says patient and staff information has been taken in the cyber attack which has crippled hospital IT systems for a week.

Oct. 25, TransForm Shared Service Organization – which runs IT, billing and supply services for five hospitals in Chatham-Kent, Essex and Lambton – including Charlotte Eleanor Englehart Hospital in Petrolia – and other health organizations in the region announced it was having IT problems linked to a cyber attack. Patients were notified that some appointments would be cancelled and staff was registering patients who were able to keep appointments with pen and paper.

Late Friday, TransForm said police were investigating the hack and that there was no estimate when services at the hospital will return to normal. The Independent has reached out to Bluewater Health multiple times since Oct. 26 to determine how many and what type of patient services were cancelled. Our calls have not been returned.

Tuesday, in a joint statement, the hospitals and TransForm said patient data had been compromised. Today, the organization confirmed some patient and staff data has been stolen.

“Working with leading cyber security experts, we have determined through our investigation that, unfortunately, certain patient, employee and professional staff data has been taken and there is the possibility that the actors responsible for this attack may publish some of the stolen data,” the statement reads. “We continue to investigate to determine the exact data impacted, and any individuals whose data was affected by this cyber attack will be notified in accordance with the law.”

The statement adds “we can confirm that we are victims of a ransomware attack.” Ransomware is designed to deny a user or organization access to files on their computer. The hackers then demand a ransom payment for the decryption key as the easiest and cheapest way to regain access to the files.

“We are working closely with law enforcement – including local police departments, Ontario Provincial Police, INTERPOL and FBI – and we have notified all relevant regulatory organizations including the Ontario Information and Privacy Commissioner.”

TransForm says it is “continuing to work around the clock to restore systems” and “expect to have updates” in the coming week.

“The hospitals will continue to do their best to contact patients directly in advance if they have a scheduled appointment with one of our hospitals that needs to be rescheduled. If patients do not need emergency care, we ask that they please attend their primary care provider or local clinic.”

TransForm and Bluewater Health added “due to the fact we have notified and engaged law enforcement as part of a criminal investigation we will not be providing further comment in response to this statement.”