A notorious cybercrime gang known as Daixin Team has publicly admitted to pilfering millions of records from five hospitals in southern Ontario, subsequently leaking the data online when their ransom demands were not met. The targeted hospitals include those in Leamington, Windsor, Sarnia, and Chatham-Kent. The Windsor Star has obtained a purported link to the leaked information, which is hosted on the dark web, offering access to personal details of patients from these facilities.
While the hospitals confirmed the publication of the compromised data, they did not officially confirm Daixin Team's involvement. Windsor Regional Hospital CEO, David Musyj, emphasized that the attackers were part of a sophisticated and organized operation, rather than an isolated individual.
The affected hospitals, including Sarnia’s Bluewater Health, Chatham-Kent Health Alliance, Windsor-Essex hospice, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, and Windsor Regional Hospital, continue to grapple with system access issues following the cyberattack on October 23. In addition to disrupting digital and tech-based systems, the perpetrators made off with substantial amounts of personal information pertaining to both staff and patients. When the hospitals refused to yield to ransom demands, the criminals opted to disseminate the pilfered data.
A comprehensive investigation, involving local police departments, the Ontario Provincial Police, the FBI, and INTERPOL, is underway. Daixin Team has a track record of similar cyberattacks against various organizations, including a German water metering company, AirAsia, Fitzgibbon Hospital in Missouri, and OakBend Medical Centre in Texas.
Brett Callow, a threat analyst at the cybersecurity firm Emsisoft Ltd., emphasized that Daixin Team has been active since the middle of the previous year and has repeatedly targeted healthcare organizations. He cautioned that while this incident is unfortunate, it may not be the last, and underscored the urgency for robust cybersecurity measures in the healthcare sector. Following the breach, the hackers locked the hospitals out of their own systems by targeting TransForm Shared Service Organization, which oversees technology systems for all five facilities.
Musyj revealed that the extent of the stolen data is still unknown, but investigations are ongoing. He emphasized that the decision not to pay the ransom aligns with the joint statement from the 50 members of the International Counter Ransomware Initiative, which includes Canada. Callow, however, stressed that global governments need to take more effective measures to combat cybercriminals.
The U.S. government’s Cybersecurity and Infrastructure Security Agency issued a warning about Daixin Team last year, specifying that the group targets businesses in the Healthcare and Public Health sector with ransomware and data extortion operations. The group encrypts servers responsible for healthcare, exfiltrates personal information, and demands ransom payments.
Callow concluded by advising caution and preparation for potential misuse of the compromised information, given the hackers' track record. He recommended assuming that the information could be exploited and taking appropriate precautions.