Ontario government still silent after hospital ransomware attacks

Share post:

Six days after being asked for comment, the government of Ontario is still considering a public response to recent cyber attacks on hospitals in the province.

Last week, an IT World Canada reporter asked for comment from the Ministry of Public and Business Service Delivery on the ransomware attack on five southwestern Ontario hospitals that share an IT services provider, and a cyber attack on a Toronto hospital.

However, while a spokesperson for the department says it is considering a response, none has been received.

The request was made to the ministry because last year it received a report from an expert panel on cybersecurity in the provincial broader public sector, which includes hospitals, municipalities and school boards. In response to that report, the government said it “accepted recommendations outlined in the final report.” However, no timeline for implementing the recommendations was given.

“Work is underway to assess and implement measures that will improve and strengthen the province’s cyber security ecosystem,” the government said at the time.

In the initial request for comment on Nov. 9, the department was asked for an interview with Minister Todd McCarthy. We were told he was not available, and were asked to submit written questions. Those questions include asking what the government has been doing since it learned of the attacks, and whether these successful attacks meant these incidents are evidence that the government hasn’t done enough to improve cybersecurity in the broader public sector.

The Nov. 9 request for comment came after the provincial information and privacy commissioner said it has opened an investigation into the ransomware attack on the southwestern Ontario hospitals.

Asked yesterday when a response is coming, Jeffrey Stinson, the department’s digital and social media advisor, replied in an email that the department is “working to address your questions and provide a fulsome response as soon as possible.” Over 24 hours later there was still no response.

The ransomware attack by Daixin Team through IT provider TransForm Shared Service on the five hospitals — Bluewater Health of Sarnia, Chatham Kent Health Alliance, Erie Shores HealthCare of Leamington, HĂ´tel-Dieu Grace Healthcare and Windsor Regional Hospital — took place on Oct. 23.

The hospitals are still weeks away from full recovery of IT-related services. According to CBC News, Windsor Regional Hospital is manually processing pay for thousands of staff — and is warning employees there may be errors.

According to The Windsor Star, stolen data publicly posted by the ransomware gang contains what it calls deeply personal information about hundreds of hospital patients. The news service also said Windsor Regional Hospital had to send cancer treatments to Kitchener as a result of the attack.

Separately, Toronto’s Michael Garron Hospital said it had suffered a cyber attack. In a Nov. 8 update, the hospital said it didn’t pay a ransom. It said some personal data of hospital employees and credentialed clinicians employed from January 2015 to November 2023 was stolen. The information includes home addresses, social insurance numbers, bank account numbers (for employees on direct deposit) and earnings information for affected employees and home addresses, social insurance numbers and earnings information for affected credentialed clinicians.

The post Ontario government still silent after hospital ransomware attacks first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Payment gateway breach exposes 1.7 million credit card holders

Slim CD, a payment gateway provider, recently disclosed a significant data breach that impacted nearly 1.7 million credit...

AI Healthcare Firm Exposes 5.9 TB of Sensitive Mental Health Data

In a significant data security incident, Confidant Health, a Texas-based AI healthcare platform, inadvertently exposed 5.3 terabytes of...

Cyber Security Today – Week In Review for September 7, 2024

Cyber Security Today - Weekend Edition: Toronto School Board Hack, MoveIT Breach & Data Privacy Concerns This weekend edition...

Facial recognition company fined for “illegallly creating a database of faces”

Clearview AI, a U.S.-based facial recognition company, has been fined €30.5 million ($33.7 million) by the Netherlands’ data...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways