Image

Daixin – known ransomware gang – behind the attack which paralyzed computers at Bluewater Health

November 9, 2023

Heather Wright/The Independent

TransForm Shared Services and Bluewater Health now say it could be mid-December before its able to recover from a hack which has affected patient services.

While the hospitals deal with the fall out from the ransomware attack, the OPP, Interpol and the FBI are working with the southwestern Ontario health care organizations on the data breach and have kept a tight lid on any information about what is going on behind the scenes in the investigation.

But people who follow hacks in the health care community have uncovered who the hackers are and in one case, have seen the pilfered data and talked with the criminal group.

Databreaches.net outed the hackers as Daixin. The blogger behind the website has not only seen some of the 5.6 million pieces of data Daixin stole from Bluewater Health, they talked with Daixin on the dark web.

In a Nov. 1 post, DataBreaches.net reported the Oct. 23 attack, saying the hackers destroyed any backup records as well.
“They knew from the beginning that we had quite a bit of critical data from their internal resources and we weren’t bluffing,” Daixin told DataBreaches.

“After much deliberation, they wrote that they were not going to pay.”
DataBreaches earned the trust of the hackers after investigating a number breaches linked to Daixin a. This time, Daixin said they gained access to Bluewater Health’s system through TransForm Services – the hospital’s IT provider – a week before they deployed the ransomware, Databreaches.net told The Independent.

It took the hacker a few hours to take over the system, the website reports. “The networks were completely transparent – we could go anywhere,” Daixin told DataBreaches, adding it was easier to access the system because passwords had been used over and over again.

“We could have been in their system for a very long time and destroyed almost everything – down to the last device (including medical),” Daixin claimed. “We didn’t do that, we just left.”
Brett Callow a threat analyst is with Emsisoft. His company deals with cyber security threats to patient data. He also found the Bluewater Health data on the dark web however he did not access it.

Callow says Daixin is a relatively new player in ransomware – an illegal activity that takes computer data hostage for cash. Ransomware has been around for a couple of decades but has reached “its current epidemic levels” in 2019 and “has been bad ever since.”

Callow says Daixin “has been operating under that brand name since the middle of last year. They had attacks on the multiple health care organizations, as well as multiple organizations in other sectors. Their demands range from a million bucks north.”

Most ransomware is created in Russia and Eastern Europe, says Callow, but it’s not easy to pin down where the hackers are using it.

“The people who use it to carry out the attacks can be based absolutely anywhere.” And, Callow says, most are financially motivated.

Ransomware demands can be very steep. “The highest demand known is $214 million – that one wasn’t paid. The highest was paid is $40 million,” Callow says noting neither were in the health care field.

Daixin claimed in its interview with DataBreaches the hospital refused to negotiate instead pleading to release the data.

With over 12 hours before Daixin’s deadline expired, according to DataBreaches, negotiators using the name ‘Bluewater Health and others’ wrote; “We have strongly considered your demands, but we cannot pay. We have to use our money, all of our money, for our patients.

“We understand that this will upset you. But please know this: cancer treatment is being cancelled. Surgeries are being postponed. Our patients are hurting. We are doing our best to restore our operations, and we will recover. But this attack has resulted in actual pain and suffering.

“We cannot pay, and we are asking you to delete the data and leave us alone. Our patients and staff have endured enough.”

When the deadline expired, Daixin started dumping data, telling DataBreaches they probably “would have settled for $4 million.”

Callow says even if the hospital had paid, there would be no guarantee the hackers would have deleted the data it had. And, he says, the key to open up the network would not have solved all the problems instantly.

There has now been three dumps of Bluewater Health information. DataBreaches has viewed all three, including patient information including information about COVID vaccines and medication.

There is also sensitive internal documents like complaints about patient care which named the hospital employee who is the subject of the complain and information about “Morbidity & Mortality” forums which are normally “secure and confidential so that staff can share information about a case frankly and freely and learn from it.”

Daixin has not released all the information yet, however DataBreaches expects it will shortly and may be sold to data brokers.

Bluewater Health is not alone in its computer hacking dilemma. Callow says it is unfortunate but more hospitals are victims of hackers than ever before.

“The government’s response to the ransomware problem as the woefully inadequate both in Canada and in other countries. They now try to do a bit more than they’ve done in the past,” noted Callow saying Nov. 2, a number of nations, including Canada, signed a manifesto saying they would not pay ransom.

“It is really a case of too little, too late. Ransomware gangs now have massive resources, multiple, multiple millions of dollars. This is a huge industry where people stand to make absolutely massive amounts of money and is now a lot more challenging to deal with than it would have been some nipped in the bud in the early days.”

Share This

Image
Front Page

LCCVI artists win at Fast Forward exhibit

May 12, 2025

Blake Ellis/The Independent “This means so much to me,” said Brooklyn Brown. The Grade 12 student at LCCVI received one of three outstanding works awards. Brown, 18, received the award which came with a $250 prize, on Saturday during the exhibition of Lambton County secondary schools’ senior student art show, Fast Forward, hosted by Gallery in the Grove in Brights

Read More

Image
Front Page

Environmental law association says Dresden dump project ‘may not be subject to any environmental assessment requirements’

May 12, 2025

The Independent The Canadian Environmental Law Association is concerned there may be no environmental oversight York1 Environmental’s plan to revive the Dresden dump. The company’s plan for a construction waste and soil recycling facility and rebuilding an expanded landfill at the site between Dresden and Dawn-Euphemia became public in last year. York1 wanted to move the massive project through the

Read More

Image
Front Page

Port Lambton Pirates sweep Chatham

May 12, 2025

Both Port Lambton teams topped the Chatham Diamonds on Saturday at the Western Counties Senior baseball season opened in Wallaceburg. The Pirates’ 22u team downed the Diamonds, 11-0 and the Port Lambton senior club beat Chatham, 12-2. Chatham fell to 0-3 on Sunday bowing 9-0 to Dresden. The scheduled game last Friday between the Wyoming Cattlebarons and the Wyoming Jr.

Read More

Image
Front Page

OPP launch school bus safety blitz after nine collisions last month

May 12, 2025

If you see an OPP cruiser following a school bus around, don’t be surprised. The OPP in southwestern Ontario has launched a campaign called Safety Stops Here this week. Officers from 13 detachments will conduct enforcement blitzes for school bus runs using marked and unmarked cruisers. Officers will also adopt a bus by selecting a route and following the bus

Read More