2nd round of data from hospital cyberattack published, site says

The cybercriminals who have claimed responsibility for aransomware attack on five hospitals in southwestern Ontario have released a secondbatch of stolen data, according to theauthor of a blog that tracks data breaches.

The website Databreaches.net says that new records have been posted online containing COVID-19 vaccine records including names, and in some cases their reactions to vaccines.

"Other patient-related files that DataBreaches noted involved named patients' medications and suggestions for medications. Those files, in the form of worksheets and suggestion documents included the patients' names, diagnoses, dates, names and doses of medications, and comments related to the medication regimen for the patient," the post stated.

Some of the data released contains employee information, according to the site.

The blog's author said they have skimmedthe new data and other types of files may have been released.

CBCNews has not independently verified the claims in the blog, but has verified the identity of the author of the website. An expert told CBCwhile the author, who uses thepseudonym Dissent Doe, has a track record of credibility,specific claims made by hackersshould be taken with some skepticism.

The author of Databreaches.net says the cybercriminal group DaixinTeam has taken responsibility for the ransomware attack in communications with them.

According to the author, the hackers say they areplanning to release more information and are considering selling some of the data.

Cybercriminal group claims responsibility for ransomware attack on hospitals

11 months ago

Duration 3:19

According to a blog, cybercriminal group Daixin says it has attacked the hospitals in southwestern Ontario and forced them to go dark. CBC's Jennifer La Grassa breaks down more details the group shared about how it got into hospital systems.

The hospitals have confirmedthat some data was released earlier this week.

The ransomware attackhappened on Oct. 23. Five hospitals in Windsor-Essex, Chatham-Kent and Sarniathat share the IT producer TransForm provider were hit.

The attack has led to a system outage involving patient records, email and more,and delays inappointments for patients.

In a report to Windsor Regional Hospital's board of directors,chief executive officerDavid Musyj said the hospital is slowly getting back on track, working hard to restore services. He noted although the impacted hospitals "closely examined" the ransom demand from the cybercriminals, they decided against paying it.

"We knew ... that we could not trust the promise of a criminal to delete this information," he said on Thursday.

"We learned that payment would not speed up the safe restoration of our network."