As five southwestern Ontario hospitals investigate which patients have had their data stolen as a result of a ransomware attack, experts say those affected can take steps to mitigate the risk.
“There’s absolutely nothing they can do to get that data back,” said Brett Callow, a threat analyst with cybersecurity company Emisoft. “So what they should be ready for is the possibility for [that] being misused.”
The hospitals — Bluewater Health, Hotel Dieu Grace Healthcare, Erie Shores HealthCare, Chatham-Kent Health Alliance and Windsor Regional Hospital — and their IT provider, TransForm, experienced a cyberattack on Oct. 23.
In their latest update, officials said that if you visited a hospital in Sarnia, Ont., in the last 30 years, everything from your name to your reason for visiting the hospital, and even — for some — your social insurance number has been stolen.
All the hospitals have some degree of patient and employee data breached, though the impact varies from institution to institution.
The hospitals say they have not paid any ransom in this attack, and have released details this week about what data was stolen from various hospitals. Batches of that data have been published online by the attackers that have claimed responsibility.
WATCH | Cybercriminal group claims responsibility for ransomware attack on hospitals:
Callow says he urges governments to prohibit the paying of ransoms.
“These attacks are financially motivated and the only way that I could see governments quickly bringing an end to them is for the payment of ransoms to be prohibited.”
Tips on how to protect yourself
Sandy Boucher is a principal at the accounting firm Grant Thornton, and he works with digital forensics teams on responding to cybersecurity incidents.
Boucher says he’s dealt with lots of people who have had their information leaked. Sometimes nothing happens — but it’s better to be prepared.
First, he says, notify your bank or banks and advise them of the breach. They can check your accounts for unusual activity that could indicate identify fraud. Notifying your credit bureau and signing up for credit monitoring is also a good idea, he says.
The hospitals are offering two years of free credit monitoring to affected employees and patients whose SIN was exposed in the attack.
Once all of that is done, Boucher encourages people to check their online presence to make sure no new email addresses or social media profiles were created or taken over with your name.
“So the next step that I would strongly encourage people to do is to look at all of their accounts, starting with their email accounts … and go around and methodically change every single password that they have.”
People should also use a good password manager and multi-factor authentication and practice better cyber “hygiene.”
“Good security is not convenient, but it’s a lot more convenient than losing your data in a breach and getting your identity hacked.”
Some data stolen in the attack has been published on the dark web. Boucher says it’s not a place the average internet user can visit.
“It’s a very dangerous place. It’s a very, very small percentage of the overall Internet,” Boucher said. “But it’s like the dark biker bar of a very large city, right? It’s the worst place where the worst criminals of all kinds go globally.
LISTEN | Data breaches discussed on Windsor Morning:
Windsor Morning11:53Data Breaches
“Although the average person might not be able to get to the dark web very easily, the people who are the real risk are probably there all the time.”
Again, not all data that’s leaked will be used for nefarious purposes. But people shouldn’t wait to take the steps to protect themselves, he says.
“If you take action now, you can protect yourself … . Go back to basics, go through all of your platforms and make sure you’ve done everything you need to do to protect yourself.”