MEDIA RELEASE: UPDATE ON CYBER ATTACKS AT REGIONAL HOSPITALS
For Immediate Release - November 9, 2023:
Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare and Windsor Regional Hospital, and our shared service provider TransForm Shared Service Organization were recently the victims of a ransomware attack. We did not pay a ransom and we are aware that data connected to the cyber incident has been published.
As stated in our November 6, 2023, release, all hospitals have some degree of patient and employee information affected. All our hospitals are diligently investigating the stolen data to determine who is impacted. This difficult process will take time. All hospitals are committed to transparency and will provide regular updates as we learn more. We are able to provide the following update today:
Bluewater Health
BWH has confirmed the theft of a database report containing information about approximately 267,000 patients dating from 1992. BWH has determined that this report included information about every patient seen at BWH or predecessor institutions since February 24, 1992.
All patients who registered for treatment at any of the following institutions since February 24, 1992 are believed to be affected:
- Bluewater Health;
- Lambton Hospitals Group;
- Charlotte Eleanor Englehart Hospital of Bluewater Health;
- Sarnia General Hospital; and
- Joseph’s Hospital.
The database report may have included the following information:
- Name;
- Address;
- Contact information;
- Date of birth;
- Basic demographic information;
- Reason for visit; and
- General notes on prior registrations.
BWH has also determined that social insurance number was included for approximately 20,000 patients.
BWH will directly notify all those whose SIN was included in the database report, and BWH will provide those individuals with two years of complimentary credit monitoring.
Hôtel-Dieu Grace Healthcare
After further investigation, HDGH must revise a preliminary conclusion shared on November 6, 2023. Unfortunately, HDGH can confirm the theft of an employee database report containing information about 1,396 individuals employed by HDGH as of November 4, 2022 and some former employees. If you were employed by HDGH on that date, HDGH believes that your data was taken, including name, social insurance number, and basic pay rate. This database report does not appear to include professional staff or volunteers.
No banking information was stolen.
HDGH has been distributing two years of complimentary credit monitoring, on site, since Monday, October 30. HDGH will continue to provide this, on site, to current employees for the foreseeable future, and we encourage all employees to sign up. For those past employees included in the database report who have not signed up in person, HDGH will be mailing you a letter with your unique credit monitoring code and instructions.
Other Hospitals
Chatham-Kent Health Alliance, Erie Shores HealthCare, and Windsor Regional Hospital have no further updates to share regarding the data affected, and they refer you to the prior statement issued on November 6, 2023 for the most current information.
Next Steps
Our analysis of the affected data continues, and we will provide updates as we learn more.
We have reported these findings to the Ontario Information and Privacy Commissioner, and we are committed to providing all those affected with notification in accordance with the law. Those affected have the right to file a complaint with Ontario Information and Privacy Commissioner. They can be reached at https://www.ipc.on.ca/privacy-individuals/filing-a-privacy-complaint/.
A patient cybersecurity hotline has been established. For inquiries please call: 519-437-6212 (8 am to 11 pm Monday through Friday). Staff questions can be directed to their HR teams.
We condemn the actions of cyber criminals, in the healthcare sector and elsewhere, in our communities and around the world. We understand the concern this incident has raised within our communities, including patients and our employees and professional staff, and we deeply apologize.
We want to thank everyone for their patience during this time.
-30-