Five Ontario hospitals are experiencing service disruptions after a cyber attack on a shared service provider caused system outages, forcing them to reschedule or cancel appointments and divert non-emergency patients to other facilities.
The incident affected the TransForm healthcare IT and supply chain management platform founded by the impacted hospitals in 2013 to manage their daily operations.
Located in the Erie St. Clair region, Southwestern Ontario, the impacted hospitals represent half of all healthcare facilities in the area, with a total bed capacity of 1,250.
TransForm shared service provider is investigating a massive cyber attack
TransForm Shared Services Organization discovered the cyber attack after experiencing a systems outage that affected email communication.
The local non-profit investigated the issue and determined that the service disruption resulted from a cyber attack.
Additionally, the shared service provider discovered that five regional hospitals, Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, and Windsor Regional Hospital, were impacted.
The regional hospitals issued a joint statement advising patients with nonemergency cases to seek services elsewhere to allow the facilities to “focus on those needing hospital care” and gracefully weather the impacts of the cyber attack.
“For those patients who have care scheduled in the next few days, the hospitals will contact you directly, if possible, to reschedule or provide alternate arrangements,” TransForm said in an online statement.
Patients who had arrived for various procedures reported long delays as hospital staff resorted to manual records.
While the incident is still under investigation, the shared service provider and the impacted hospitals have not disclosed the nature, scope, and cause of the cyber attack and whether patient information was compromised.
“We are investigating the cause and scope of [the] incident, including whether any patient information was affected. Our investigation is ongoing,” TransForm said.
The shared service provider has also engaged external cyber experts but hinted that the system restoration process might take a while.
“Leading third-party cybersecurity experts have been engaged, and we continue to investigate. We expect to have updates related to the restoration of our systems in the upcoming week,” TransForm said.
Given the incident’s criminal nature, the shared service provider has contacted Canadian law enforcement authorities and initiated an investigation, thus limiting the information availed to the public.
However, CBC reported that neither the Canadian federal law enforcement agency, the Royal Canadian Mounted Police (RCMP), nor Chatham-Kent or Sarnia police were involved in the investigation. Similarly, the Office of Ontario’s Information and Privacy Commissioner was yet to receive an official data breach notification.
Meanwhile, TransForm was trying to retrieve documents from system backups to mitigate the impacts of the cyber attack.
So far, TransForm has not disclosed if any threat actors have made any ransom demands or if ransomware was involved.
Healthcare industry remains a top target for cyber attacks
Hospitals are among the top targets for cyber attacks, with healthcare data breaches being the most expensive, costing $10.93 million compared to the industry-wide average of $4.45 million, according to the 2023 IBM Data Breach Report.
By targeting a shared service provider, the threat actors intended to maximize the impact of the cyber attack to achieve their objectives.
“Healthcare remains a prime target for cyberattacks due to its invaluable data and limited security measures,” noted Emily Phelps, Director at Cyware, “The challenge of safeguarding expansive healthcare institutions that use a mix of new and outdated systems creates vulnerabilities for attackers to exploit.
“Moreover, with the rise of advanced technologies like AI, attackers can act more swiftly, exacerbating the security challenges faced by healthcare providers,” added Phelps.