Ransomware Data Breach Affects 267,000 Patients at TransForm

TransForm, a not-for-profit shared service organization in Ontario, Canada, recently provided an update regarding a cyberattack that affected multiple hospitals under its management. The organization confirmed that the attack was a ransomware incident.

The attackers successfully accessed a database containing information related to 5.6 million patient visits, which corresponds to approximately 267,000 unique individuals.

Established by five hospitals in Erie St. Clair, Ontario, TransForm manages their IT, supply chain, and accounts payable functions.

The cyberattack occurred in late October and impacted five hospitals operating under TransForm’s umbrella, including Bluewater Health, an Ontario-based hospital that relies on TransForm’s services.

As a result of the attack, there were disruptions in operations, leading to the rescheduling of appointments and the redirection of non-emergency cases to other clinics in the area.

We reached out to TransForm during that time, but no specific details regarding the type of attack were provided.

According to a report by DataBreaches, the DAIXIN Team claimed responsibility for the attack and gradually started leaking samples of the stolen data from the hospitals’ networks.

The threat actors stated their intention to potentially cease the leak, as their primary interest lies in selling the data to data brokers.

In a recent update, TransForm confirmed the occurrence of the ransomware attack and the exfiltration of data by the hackers. The organization explicitly stated its refusal to pay the ransom.

“Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare and Windsor Regional Hospital, and our shared service provider TransForm Shared Service Organization were recently the victims of a ransomware attack,” the statement reads.

TransForm explained that the attackers compromised an operations file server that stored employee data, as well as a shared drive space utilized by the affected hospitals.

The impact of the shared drive varied across hospitals, as each stored different types and amounts of data. Based on the ongoing investigation, the impact on each hospital is as follows:

• Bluewater Health: Data on 5.6 million patient visits corresponding to 267,000 unique patients.
• Chatham-Kent Health Alliance: Data on 1,446 individuals employed at the hospital as of February 2021, including names, addresses, social insurance numbers, gender, marital status, date of birth, and pay rate.
• Erie Shores HealthCare: Data on 352 current and former employees of the hospital.
• Windsor Regional Hospital: Data on a limited number of patients, including names and brief summaries of their medical conditions.
• Hôtel-Dieu Grace Healthcare: Data on certain patients (currently under analysis).

Regarding Bluewater Health, which experienced the most significant data exposure, the statement clarifies that the information does not include clinical records. However, the exact contents of the stolen files are still subject to investigation.

TransForm concludes its announcement by requesting patience as they work to determine the full scope of the breach and the types of data that have been compromised. The organization assures regular updates on the matter.