Cyber Incident Victim: Windsor Regional, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, Bluewater Health, Chatham-Kent Health Alliance
Date: Oct 2023
Location: Canada
Summary
A cyberattack disrupted operations at five southwestern Ontario hospitals, forcing their shared IT provider to take systems offline, including patient records and email services. The incident led to rescheduled patient appointments and potential delays for non-emergency care, with hospitals advising alternatives to reduce strain. While initial statements claimed patient care was unaffected, the provider later acknowledged impacts on care provision and launched an investigation into the cause, scope, and potential compromise of patient data. Systems remained offline indefinitely as the organization worked to restore services and assess the breach.
Description
On October 23, 2023, five southwestern Ontario hospitals—Windsor Regional Hospital, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, Bluewater Health, and Chatham-Kent Health Alliance—experienced a widespread disruption to their online services, including patient records and email systems, following a cyberattack targeting their shared IT provider, TransForm. The non-profit organization, established by these hospitals to manage IT, supply chain, and accounts, initially detected "abnormal performance activity" in its systems earlier that Monday morning. In response, TransForm proactively took all systems offline as a precautionary measure, characterizing the event initially as a service outage affecting its member hospitals and Windsor-Essex Hospice. By Monday evening, TransForm confirmed the incident was a cyberattack, though the specific cause and attacker remained unidentified. The immediate operational impact forced hospitals to suspend electronic communications, with Windsor Regional Hospital directing patients to call a specific phone number for assistance while acknowledging potential delays. TransForm’s initial assessment claimed patient care was unaffected, but this was later contradicted by hospital statements acknowledging significant care disruptions.

The cyberattack necessitated the rescheduling of patient appointments across all five hospitals, with facilities attempting to contact affected individuals directly while warning they might not reach everyone in advance. Hospitals issued a joint statement advising non-emergency patients to seek care from primary providers or clinics to alleviate strain on emergency departments, indicating reduced capacity for routine services. TransForm launched an investigation into the attack’s origin, scope, and potential compromise of patient information, though no evidence of data theft was confirmed at the time of reporting. Michelle Watters, TransForm’s director of stakeholder relations, stated the organization would not provide further updates beyond initial communications, while hospitals similarly declined additional comment. Restoration timelines for affected systems remained undetermined as of the last update, with TransForm emphasizing ongoing efforts to resolve the incident and promising further updates as the investigation progressed. The coordinated response highlighted reliance on manual processes and inter-hospital collaboration to maintain critical services during the outage.
