Image

Daixin – known ransomware gang – behind the attack which paralyzed computers at Bluewater Health

November 9, 2023

Heather Wright/The Independent

TransForm Shared Services and Bluewater Health now say it could be mid-December before its able to recover from a hack which has affected patient services.

While the hospitals deal with the fall out from the ransomware attack, the OPP, Interpol and the FBI are working with the southwestern Ontario health care organizations on the data breach and have kept a tight lid on any information about what is going on behind the scenes in the investigation.

But people who follow hacks in the health care community have uncovered who the hackers are and in one case, have seen the pilfered data and talked with the criminal group.

Databreaches.net outed the hackers as Daixin. The blogger behind the website has not only seen some of the 5.6 million pieces of data Daixin stole from Bluewater Health, they talked with Daixin on the dark web.

In a Nov. 1 post, DataBreaches.net reported the Oct. 23 attack, saying the hackers destroyed any backup records as well.
“They knew from the beginning that we had quite a bit of critical data from their internal resources and we weren’t bluffing,” Daixin told DataBreaches.

“After much deliberation, they wrote that they were not going to pay.”
DataBreaches earned the trust of the hackers after investigating a number breaches linked to Daixin a. This time, Daixin said they gained access to Bluewater Health’s system through TransForm Services – the hospital’s IT provider – a week before they deployed the ransomware, Databreaches.net told The Independent.

It took the hacker a few hours to take over the system, the website reports. “The networks were completely transparent – we could go anywhere,” Daixin told DataBreaches, adding it was easier to access the system because passwords had been used over and over again.

“We could have been in their system for a very long time and destroyed almost everything – down to the last device (including medical),” Daixin claimed. “We didn’t do that, we just left.”
Brett Callow a threat analyst is with Emsisoft. His company deals with cyber security threats to patient data. He also found the Bluewater Health data on the dark web however he did not access it.

Callow says Daixin is a relatively new player in ransomware – an illegal activity that takes computer data hostage for cash. Ransomware has been around for a couple of decades but has reached “its current epidemic levels” in 2019 and “has been bad ever since.”

Callow says Daixin “has been operating under that brand name since the middle of last year. They had attacks on the multiple health care organizations, as well as multiple organizations in other sectors. Their demands range from a million bucks north.”

Most ransomware is created in Russia and Eastern Europe, says Callow, but it’s not easy to pin down where the hackers are using it.

“The people who use it to carry out the attacks can be based absolutely anywhere.” And, Callow says, most are financially motivated.

Ransomware demands can be very steep. “The highest demand known is $214 million – that one wasn’t paid. The highest was paid is $40 million,” Callow says noting neither were in the health care field.

Daixin claimed in its interview with DataBreaches the hospital refused to negotiate instead pleading to release the data.

With over 12 hours before Daixin’s deadline expired, according to DataBreaches, negotiators using the name ‘Bluewater Health and others’ wrote; “We have strongly considered your demands, but we cannot pay. We have to use our money, all of our money, for our patients.

“We understand that this will upset you. But please know this: cancer treatment is being cancelled. Surgeries are being postponed. Our patients are hurting. We are doing our best to restore our operations, and we will recover. But this attack has resulted in actual pain and suffering.

“We cannot pay, and we are asking you to delete the data and leave us alone. Our patients and staff have endured enough.”

When the deadline expired, Daixin started dumping data, telling DataBreaches they probably “would have settled for $4 million.”

Callow says even if the hospital had paid, there would be no guarantee the hackers would have deleted the data it had. And, he says, the key to open up the network would not have solved all the problems instantly.

There has now been three dumps of Bluewater Health information. DataBreaches has viewed all three, including patient information including information about COVID vaccines and medication.

There is also sensitive internal documents like complaints about patient care which named the hospital employee who is the subject of the complain and information about “Morbidity & Mortality” forums which are normally “secure and confidential so that staff can share information about a case frankly and freely and learn from it.”

Daixin has not released all the information yet, however DataBreaches expects it will shortly and may be sold to data brokers.

Bluewater Health is not alone in its computer hacking dilemma. Callow says it is unfortunate but more hospitals are victims of hackers than ever before.

“The government’s response to the ransomware problem as the woefully inadequate both in Canada and in other countries. They now try to do a bit more than they’ve done in the past,” noted Callow saying Nov. 2, a number of nations, including Canada, signed a manifesto saying they would not pay ransom.

“It is really a case of too little, too late. Ransomware gangs now have massive resources, multiple, multiple millions of dollars. This is a huge industry where people stand to make absolutely massive amounts of money and is now a lot more challenging to deal with than it would have been some nipped in the bud in the early days.”

Share This

Image
Front Page

Long-time St. Clair councillor passes

September 12, 2024

The flag in front of the St. Clair Township Civic Centre, Mooretown Sports Complex and Emergency Services buildings have been lowered after the death of a long-time former councillor. Jim DeGurse, who was 86, passed away Monday. DeGurse was first elected councillor with St. Clair Township in 1998 until 2006. He was relected in 2010 and served until 2022. In

Read More

Image
Front Page

Police, Wyoming fire investigate two separate accidents on Churchill Line

September 12, 2024

Wyoming firefighters and Lambton OPP are investigating two accidents on Churchill Line this morning. Just before nine this morning two vehicles collided at Churchill and Marthaville Road. One vehicle could be seen in the ditch. One person was taken to hospital with minor injures. OPP say it was one of two accidents on Churchill Line this morning. There was also

Read More

Image
Front Page

Bluewater Health home lottery marks 30 years

September 12, 2024

The Bluewater Health Dream Home Lottery has officially kicked off. Tickets for the $1.5 million home on Shoreside Road in Plympton-Wyoming go on sale today. Kathy Alexander, executive director of the Bluewater Health Foundation which runs the fundraiser, says in its 30th year, this is the biggest lottery yet. “The Dream Home Lottery greatly benefits Bluewater Health and the patients

Read More

Image
Front Page

Two seniors dead after Inwood accident

September 12, 2024

Two Windsor seniors are dead after a crash at the corner of Inwood Road and Courtright Line. It’s the second time in two years an accident between a transport and a passenger vehicle claimed a life. Wednesday, around 1 pm, Brooke firefighters, Lambton paramedics and the OPP were called to the intersection in Inwood for a crash between a tractor

Read More