Heimdal

Daixin Team claimed responsibility for the ransomware attack that impacted 5 hospitals in Ontario, Canada, on October 23rd. TransForm, the shared service provider of the five healthcare organizations, confirmed the ransomware attack.

The stolen database contains information on 5.6 million patient visits and impacts about 267,000 persons. Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, and Windsor Regional Hospital are the five hospitals that rely on TransForm to manage their IT, supply chain, and accounts payable.

The attack strongly disrupted the hospitals' activity. All five healthcare providers had to reschedule appointments and redirect non-emergency cases to other health units.

What Caused the Ontario Hospitals Data Breach?

TransForm revealed that the hackers succeeded in compromising an operations file server that hosted employee data and the shared drive space the impacted hospitals use.

The data breach impacted the Bluewater Health Hospital the most. For the moment, security researchers say the leaked data does not include clinical records. The ongoing investigation has yet to establish exactly what the stolen files contain.

In the meantime, the Daixin threat group made a series of statements to databreaches.net regarding the attack. Although the hackers did not reveal how they gained initial access, they claim system admins used the same password for multiple administrator accounts.

The networks were completely transparent – we could go anywhere. Maybe they had some kind of segmentation, but the fact that even the wifi in the hospitals disappeared after we attacked can speak to its level.

The passwords for some administrator accounts across all hospital domains were the same.

Source – databreaches.net

If Daixin's allegation is right, then privileged access misuse or poor privileged access policies are at fault.

Cybersecurity Challenges Make Healthcare Institutions Vulnerable to Ransomware

According to the FBI's Internet Crime Report (2022), healthcare, public health included, is the sector most affected by ransomware. During the last year, ransomware attacks had an extremely strong impact on healthcare institutions worldwide.

Industry-specific issues make healthcare organizations an easier target for ransomware attacks:

  • Connection with lots of third-party vendors
  • Exposure through patient data practices
  • High number of connected medical devices
  • Outdated systems or software that can't always be patched in time

Like many other organizations that work on a strict budget, healthcare institutions need to do a lot with few resources. That means small IT teams have to configure, maintain and protect an extremely large and complex digital system.

That doesn't mean healthcare databases can't be protected against ransomware. Heimdal's MXDR platform helps automate processes and reduces alert fatigue, while keeping systems and data safe. This Managed Extended Detection & Response (MXDR) solution offers round-the-clock services for:

  • patch and asset management,
  • ransomware encryption protection,
  • DNS security for endpoints and networks,
  • threat hunting,
  • privileged access management,
  • email security, etc.

Dos and Don’ts in Case of a Ransomware Attack

For hackers, ransomware is business. Encrypting or blocking access to data is their way of making money. If companies agree to pay the ransom to avoid data leakage or recover their data, hackers will keep launching ransomware attacks.

So the decision by the five hospitals and their shared service provider not to pay the money is the right thing to do.

Data breaches and all sorts of cyberattacks cannot be completely prevented. All systems have vulnerabilities and there is no bulletproof software.

However, healthcare organizations and any other companies that work with large customer databases should take several prevention measures:

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.