82K Bluewater Health patients to be notified by mail of confidential info breach


Southwestern Ontario hospitals have finally been able to pinpoint whose information was stolen Oct. 23

Bluewater Health CEO Paula Reaume-Zimmer says about 82,000 patients had confidential health information stolen in the October cyber attack that crippled hospital systems.

On Oct. 23, hospitals across southwestern Ontario that receive IT services from Transform Shared Services were the subject of a cyber attack. Four days later, the hospitals informed the Office of the Information and Privacy Commission about a ransomware attack.

The ransomware gang Daixin broke into the computer systems, first at Bluewater Health and then the other hospitals, taking records from over 269,000 patients dating back to 1992 from Bluewater Health alone. Another 20,000 social insurance numbers were also stolen, mainly from people with WSIB claims.

Six months after the attack, hospital officials met with the media Wednesday, saying they had been able to pinpoint patients whose medical and personal information had been stolen.

“Starting today, individuals whose information was impacted will be notified by mail. Each hospital will notify their own patients. If a patient’s social insurance number was affected, we will provide credit monitoring,” said Reaume-Zimmer during the Zoom call.

“Some individuals may be receiving multiple letters. This is not a mistake. This is normal given some patients may have visited more than one of our affected hospitals…We determined that all patients should know if their records from multiple hospitals were affected.”

Reaume-Zimmer says of those 82,000 affected in Sarnia-Lambton, the 20,000 WSIB claimants appeared to be the only ones whose Social Insurance Number was taken.

The information was sold by Daixin on the dark web. Cyber experts say this type of information can be used to create new identities to open a bank account and obtain funds or credit cards, or to obtain government ID illegally.

Reaume-Zimmer says it has taken six months to determine exactly who has been affected by the hack.

“This type of data analysis takes significant time, especially given the large quantity of data involved with classified hospitals. I’m extremely proud of how quickly we’re able to get to this moment of notification. Our experts tell us that these reviews can take upwards to a year to complete, sometimes longer.”

About 327,000 people in Sarnia-Lambton, Windsor-Essex and Chatham-Kent have had their information stolen and will receive formal notification by mail.