TransForm says ransomware data breach affects 267,000 patients

Shared service provider TransForm has published an update on the cyberattack that recently impacted operations in multiple hospitals in Ontario, Canada, clarifying that it was a ransomware attack.

The organization confirms that the attackers managed to steal a database containing information on 5.6 million patient visits, corresponding to approximately 267,000 unique individuals.

TransForm is a not-for-profit, shared service organization founded by five hospitals in Erie St. Clair, Ontario, to manage their IT, supply chain, and accounts payable.

The cyberattack happened in late October, impacting five hospitals operating under the organization’s umbrella, including Bluewater Health, also an Ontario-based hospital relying on TransForm’s services.

The incident caused operational disruptions, forcing the healthcare providers to reschedule appointments and redirect non-emergency cases to other clinics in the area.

BleepingComputer reached out to the organization at that time but did not receive any details about the type of attack TransForm faced.

Last week, the publication DataBreaches.net reported that the DAIXIN Team claimed responsibility for the attack, and the hackers gradually started to leak samples of the data stolen from the hospitals’ networks.

The threat actors stated they might stop the leak as they were more interested in selling the data to data brokers.

In an update yesterday, TransForm confirmed the ransomware attack and that the hackers exfiltrated data from their systems. The organization also made it clear that it does not intend to pay the ransom.

“Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare and Windsor Regional Hospital, and our shared service provider TransForm Shared Service Organization were recently the victims of a ransomware attack,” reads the statement.

“We did not pay a ransom and we are aware that data connected to the cyber incident has been published.” - TransForm

The organization explained that the attackers compromised an operations file server that hosted employee data, and also shared drive space used by the impacted hospitals.

The shared drive has varying impact on the hospitals, as each opted to store different types and amounts of data in it. Based on the investigation so far, the impact for each hospital is the following:

  • Bluewater Health: Data on 5.6 million patient visits corresponding to 267,000 unique patients.
  • Chatham-Kent Health Alliance: Data on 1446 individuals who worked in the hospital as of February 2021. Includes names, addresses, social insurance numbers, gender, marital status, date of birth, and pay rate.
  • Erie Shores HealthCare: Data on 352 current and past employees of the hospital.
  • Windsor Regional Hospital: Data on a limited number of patients, including names and a brief summary of their medical conditions.
  • Hôtel-Dieu Grace Healthcare: Data on some patients (currently undergoing analysis).

For Bluewater Health, which had the most data exposed, the statement clarifies that the information does not include clinical records. However, the exact contents of the stolen files are still subject to investigation.

TransForm’s announcement concludes by asking for patience as the process of determining the scope of the impact and the types of data that have been exposed is time-consuming. The organization promised to provide regular updates on the matter.
