Cyber Incident Victim: The Ottawa Hospital
Date:
Sep 2023
Location:
Canada
Summary
A cyberattack claimed by the Indian Cyber Force targeted The Ottawa Hospital's website, causing temporary inaccessibility as part of a retaliatory campaign (#OpCanada) following Canada-India geopolitical tensions. The hospital confirmed a brief service interruption without system compromise, while the hacktivist group also asserted attacks against Canadian businesses, though one dental firm denied impact. Cybersecurity experts characterized the group's activities as "cybervandalism"—primarily unsophisticated disruptions like defacements or denial-of-service attacks aimed at political messaging rather than destruction. Canadian security officials acknowledged that geopolitical events often correlate with increased disruptive cyber activities but did not confirm specific attribution to Indian threat actors in this instance.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On September 26, 2023, the Ottawa Hospital experienced a cyberattack claimed by the Indian Cyber Force, a hacker group conducting operations under the banner of #OpCanada. The group publicly announced the attack on social media platform X (formerly Twitter), stating it had temporarily disrupted the hospital’s website accessibility as part of retaliatory actions against Canada. This followed escalating diplomatic tensions after Canada accused India of involvement in the June 2023 killing of Sikh activist Hardeep Singh Nijjar in British Columbia. The hospital confirmed a "brief interruption" to its website services but clarified no internal systems were breached. A spokesperson emphasized ongoing monitoring and investigation into the incident’s nature while maintaining that patient care systems remained unaffected. The Indian Cyber Force simultaneously claimed attacks against unspecified Canadian businesses, including a Mississauga dental practice that denied experiencing any compromise when contacted by journalists.
The attack was characterized by cybersecurity experts as "cybervandalism," consistent with the group’s typical tactics of disruptive but non-destructive actions such as website defacements or denial-of-service attacks aimed at generating political messaging rather than causing permanent damage. Steve Waterhouse, a cybersecurity consultant, noted such groups exploit low-sophistication techniques targeting vulnerable entities to create uncertainty and amplify ideological demands. Proofpoint researcher Alexis Dorais-Joncas corroborated this assessment, describing hacktivist motivations as primarily attention-seeking through attacks on weakly defended infrastructure. The Canadian Centre for Cybersecurity acknowledged geopolitical tensions often correlate with increased disruptive cyber activity but declined to confirm specific threat trends from India. The Ottawa Hospital maintained public assurances regarding its security posture, with no further operational disruptions reported beyond the initial website outage.