Cyber Incident Victim: Winghamhospital
Date:
Sep 2019
Location:
Canada
Summary
A ransomware attack targeted hospitals in Listowel and Wingham, forcing temporary closures of oncology and diagnostic clinics while disrupting non-emergency services. The incident, investigated by law enforcement's cybercrimes unit, impacted patient care with no immediate resolution timeline provided by hospital officials. This attack occurred amid a broader wave of cyber incidents affecting multiple southwestern Ontario municipalities and a manufacturing firm, including a prior case where another city paid a ransom to recover data. Experts emphasized the interconnected nature of regional healthcare systems as a vulnerability factor.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late September 2019, a cyber-attack compromised the online system serving hospitals in Listowel and Wingham, Ontario, forcing the temporary closure of oncology and diagnostic clinics. Non-emergency patients were instructed to return at a later date due to service disruptions. Karl Ellis, CEO of the Listowel Hospital Alliance, publicly acknowledged the incident but could not provide a specific restoration timeline for affected systems. The Ontario Provincial Police's cybercrimes unit initiated an investigation into the breach. Hospital officials implemented containment measures to prevent the ransomware from spreading to other networked systems, though technical specifics of these actions were not disclosed. The attack occurred amid a series of similar incidents across southwestern Ontario, including recent ransomware events in Woodstock and Stratford.
The incident was identified as a ransomware attack—malicious software designed to deny access to computer systems until payment is made. Tech analyst Carmi Levy characterized such attacks as an escalating threat to governments, healthcare institutions, and corporations, emphasizing the need for dedicated cyber incident response planning comparable to natural disaster preparedness. Officials expressed particular concern about vulnerabilities in Ontario's interconnected healthcare networks. While the hospitals' operational disruptions were confirmed, no details regarding ransom demands, payment, or data compromise were disclosed. This attack followed Stratford's confirmed ransom payment of $75,000 to hackers the previous month and Woodstock's ransomware incident earlier in the same week.