Tag: ransomware

Cybercriminal group claims responsibility for ransomware attack as hospital CEO says recovery will take weeks

Twelve days into a ransomware attack that has upended health-care services at five hospitals in southwestern Ontario, a cybercriminal group claimed responsibility in an online blog, describing how the attack happened and what it says are the millions of private patient records it has stolen. 

In a report to Windsor Regional Hospital on Thursday, chief executive officer David Musyj said the hospital is slowly getting back on track, working hard to restore services. He noted although the impacted hospitals  “closely examined” the ransom demand from the cybercriminals, they decided against paying it. 

“We knew … that we could not trust the promise of a criminal to delete this information,” he said. 

“We learned that payment would not speed up the safe restoration of our network.” 

It’s the first time Musyj has spoken about the attack, and his message served as a counter to the claims of the cybercriminals, who bragged about the extent of the damage in an online blog. 

After the hospitals refused to pay, the hackers followed through on their threat of releasing a portion of private health information. 

A low angle of a tall, hospital building.
During a hospital board meeting Thursday, Windsor Regional Hospital CEO David Musyj says recovery will take weeks, but that staff are working hard to make sure the hospital is restoring delayed service to patients. (Mike Evans/CBC)

Details about that exposed personal information, along with the cybercriminal group that has claimed responsibility for the attack, have been released in an article from DataBreaches.net — a website run by a retired licensed health-care professional who lives in New York state. 

CBC News spoke with the author of the website and has agreed to keep them anonymous to protect their safety.

The author, who goes by the pseudonym Dissent Doe, said they don’t have expertise in cybersecurity, beyond having reported on the

Despite warnings, N.L. health officials didn’t bolster cyberdefences before ransomware attack

Newfoundland and Labrador health officials did not act on a series of warnings and failed to adequately protect sensitive health information of hundreds of thousands of people before a ransomware gang launched a devastating cyberattack in 2021 that surreptitiously scooped up 200 gigabytes of data and paralyzed the province’s health-care system.

That’s among the findings of a 115-page report on the attack issued Wednesday morning by the Office of the Information and Privacy Commissioner. 

“The biggest question at the outset of this investigation for us was whether this cyberattack succeeded despite these [provincial health] entities having cybersecurity practices that met recognized international standards, or if it succeeded because those standards were not being met at the time,” the provincial watchdog noted in the report.

“Unfortunately, we found the latter.”

Security in the health information system “was lacking in a number of important areas” and internationally recognized, industry-standard cybersecurity measures were “either not in place or not fully implemented.”

The report found that deficit left the personal health information and personal information of citizens of the province vulnerable to cyberattack — “which, under the circumstances, was almost an inevitability.”

Investigators concluded that these vulnerabilities were known within the health-care system but officials failed to fix them.

“The Department of Health and Community Services was informed in 2020 — over a year prior to the cyberattack — that a threat assessment rated the chances of a cyberattack as high, and the impact of such an event as high,” said Sean Murray, a senior official in the commissioner’s office who led the probe.

“In other words, the ransomware attack against our public health information systems was a foreseeable event. Efforts to reduce these vulnerabilities prior to the cyberattack were inadequate.”

A man in a suit wearing glasses speaks in front of a microphone.
Sean Murray is director of research and quality assurance in the Office of

N.L. says Hive ransomware group was behind 2021 cyberattack on wellness programs

The Newfoundland and Labrador authorities claims the Hive ransomware group was at the rear of a cyberattack that paralyzed the province’s wellbeing-care system a yr and a half in the past.

But best government officers however is not going to say regardless of whether they paid a ransom.

“We won’t be able to disclose nearly anything about a ask for for a ransom, for protection reasons,” Justice Minister John Hogan informed reporters Tuesday afternoon.

“Once again, that is tips we get from security companies, lawful directions, legal suggestions, and other groups that have experienced this transpire to them.”

U.S. legislation enforcement officials declared in January that they experienced dismantled the Hive ransomware community.

Hogan said that disclosure cleared the way for officers in Newfoundland and Labrador to eventually say who was responsible for the assault that focused their methods 18 months ago.

“Just one of the explanations once again, I want to pressure, that we’re in a position to reveal who the entity is, is for the reason that of the function that was finished in the States by the Office of Justice there,” Hogan mentioned.

“We now know that the danger has been extinguished. So now that that does not exist any additional, we feel we are risk-free to disclose it to the general public. Doing so any before would have still, we felt, put techniques at chance.”

A man wearing a suit looks at the camera and smiles.
Newfoundland and Labrador Justice Minister John Hogan would not say whether the province paid a ransom to cyberattackers in 2021. (Terry Roberts/CBC)

According to U.S. legislation enforcement, the Hive ransomware team specific additional than 1,500 victims all around the planet and gained over $100 million in ransom payments, beginning in June 2021.

American officials stated the FBI had penetrated Hive’s laptop networks because late July 2022, captured its decryption keys, and

Back To Top