Ontario government still silent after hospital ransomware attacks

Six days after being asked for comment, the government of Ontario is still considering a public response to recent cyber attacks on hospitals in the province.

Last week, an IT World Canada reporter asked for comment from the Ministry of Public and Business Service Delivery on the ransomware attack on five southwestern Ontario hospitals that share an IT services provider, and a cyber attack on a Toronto hospital.

However, while a spokesperson for the department says it is considering a response, none has been received.

The request was made to the ministry because last year it received a report from an expert panel on cybersecurity in the provincial broader public sector, which includes hospitals, municipalities and school boards. In response to that report, the government said it “accepted recommendations outlined in the final report.” However, no timeline for implementing the recommendations was given.

“Work is underway to assess and implement measures that will improve and strengthen the province’s cyber security ecosystem,” the government said at the time.

In the initial request for comment on Nov. 9, the department was asked for an interview with Minister Todd McCarthy. We were told he was not available, and were asked to submit written questions. Those questions include asking what the government has been doing since it learned of the attacks, and whether these successful attacks meant these incidents are evidence that the government hasn’t done enough to improve cybersecurity in the broader public sector.

The Nov. 9 request for comment came after the provincial information and privacy commissioner said it has opened an investigation into the ransomware attack on the southwestern Ontario hospitals.

Asked yesterday when a response is coming, Jeffrey Stinson, the department’s digital and social media advisor, replied in an email that the department is “working to address your questions and provide a fulsome response as soon as possible.” Over 24 hours later there was still no response.

The ransomware attack by Daixin Team through IT provider TransForm Shared Service on the five hospitals — Bluewater Health of Sarnia, Chatham Kent Health Alliance, Erie Shores HealthCare of Leamington, Hôtel-Dieu Grace Healthcare and Windsor Regional Hospital — took place on Oct. 23.

The hospitals are still weeks away from full recovery of IT-related services. According to CBC News, Windsor Regional Hospital is manually processing pay for thousands of staff — and is warning employees there may be errors.

According to The Windsor Star, stolen data publicly posted by the ransomware gang contains what it calls deeply personal information about hundreds of hospital patients. The news service also said Windsor Regional Hospital had to send cancer treatments to Kitchener as a result of the attack.

Separately, Toronto’s Michael Garron Hospital said it had suffered a cyber attack. In a Nov. 8 update, the hospital said it didn’t pay a ransom. It said some personal data of hospital employees and credentialed clinicians employed from January 2015 to November 2023 was stolen. The information includes home addresses, social insurance numbers, bank account numbers (for employees on direct deposit) and earnings information for affected employees and home addresses, social insurance numbers and earnings information for affected credentialed clinicians.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now