DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Update: Sensitive patient data leaked from TransForm ransomware incident; hospitals and centers affected

Posted on November 5, 2023 by Dissent

As predicted, Daixin has leaked the third part of the data they exfiltrated from TransForm and Canadian healthcare entities. DataBreaches reported the first leak when Daixin publicly claimed responsibility for the attack. The second leak followed two days later, and less than one day later, the third tranche dropped.

As with the first two leaks, this latest leak also contains numerous files with internal information and some personnel information, but it also contains a great deal of sensitive patient information and IT-related information.

While no major databases have been leaked (yet), DataBreaches came across a database with discharge data on patients from 2015. There were almost 800 entries for patients where the fields consisted of the patient’s name, date of birth, age, date of admission, date of discharge, their diagnosis, a field labeled CMG, their appointment at TDFHT (Tillsbury District Family Health Team), their discharge status, whether the patient was readmitted in 30 days, the name of the primary care provider, and a field for comments. Yet another spreadsheet contained the same structure, but included 340 rows of data for patients discharged in 2013 and 652 rows for patients discharged in 2014. Not all of these represent unique patients because some patients appear to have been admitted and discharged in more than one calendar year. DataBreaches did a quick search to try to determine if these were real patient data by conducting a google search for named patients whose records had been marked as “deceased” in the spreadsheets. DataBreaches was able to find obituaries for those patients whose names, ages, and Ontario location corresponded to the information in the spreadsheets.

Another patient-related spreadsheet from TDFHT contained more than 14,290 rows, where the data fields included the patient’s first and last names, PHN (personal health number), date of birth, gender, home phone number, and provider name.

DataBreaches also found data related to named patients at Erie Shores Healthcare, Leamington District Memorial Hospital, and other entities.

Even when patient identifying information was not the primary data collected, it appeared in some files such as a survey of patients who received cancer chemotherapy treatment. The survey’s last question was, “Would you like someone from Erie Shores HealthCare or Windsor Regional Cancer Centre to contact you to learn more about receiving chemotherapy treatment at Erie Shores HealthCare?” Some respondents to the question answered “yes” and gave their names and phone numbers.

Not all patient information was part of any organized archive or database. DataBreaches also found one file of more than 500 pages on a single patient. It appeared to be part of a lengthy medical record with scans of handwritten notes in nursing/medication records as well as test results and other reports on the patient. A google search revealed that the named patient passed away in 2020.

While the spreadsheets noted above contained sensitive information such as diagnoses, other files in the data leak were even more sensitive. DataBreaches found clinical case reviews with detailed personal and medical information on patients, as well as even more sensitive M&M reviews. M&M reviews are “Morbidity & Mortality” reviews. They are standard protocols in hospitals and health care facilities where specific cases are reviewed in a setting that it designed to remain secure and confidential so that staff can share information about a case frankly and freely and learn from it. If healthcare professionals cannot trust that hospitals and facilities will keep these M&M files secure from data leaks and breaches, will they talk freely and frankly about any errors that might have been made in a patient’s care so that they can all learn from it?

The M&M reviews were not the only sensitive files DataBreaches spotted. There were also files relating to patient complaints and communications about complaints about named personnel’s handling of a patient or case. As with the M&M reports, there was no password protection on any of the files DataBreaches skimmed.

The above is not intended to be a comprehensive inventory or description of the third leak, but it is intended to remind the public what can happen when threat actors can gain access to a network and why entities need to really evaluate whether they have adequate security for sensitive files.

There is still one part of the data leak that Daixin has not yet dumped — databases. DataBreaches will continue monitoring this incident. DataBreaches does not know whether Canadian or provincial law requires individual notification of patients whose personal and health information have been leaked or breached, but if it does, these entities have a ton of notifying to do.

Related posts:

  • OakBend Medical Center hit by ransomware; Daixin Team claims responsibility
  • Another hospital hit by ransomware: Columbus Regional Healthcare System in North Carolina hit by Daixin
  • Exclusive: Daixin Team claims responsibility for attacks affecting Canadian hospitals, starts leaking data
  • Acadian Ambulance hit by ransomware attack; Daixin claims info on 10 million patients stolen
Category: Commentaries and AnalysesHealth DataNon-U.S.Of NoteSubcontractor

Post navigation

← Summit Health has hundreds of locations. Were they victims of a cyberattack by LockBit3.0?
Data of 171,871 Deer Oaks Behavioral Health clients and employees dumped by ransomware group →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ShinyHunters and team members arrested in France (1)
  • Texas Enacts Liability Shield From Punitive Damages for Certain Small Businesses That Adopt Cybersecurity Programs
  • Dublin ETB fined €125,000 for data protection breaches
  • From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math
  • Liberty Township in Ohio has recovered its network after a ransomware attack
  • Marquette County Medical Care Facility discloses data breach
  • Industry Letter – June 23, 2025: Impact to Financial Sector of Ongoing Global Conflicts
  • MNGI Digestive Health settles class action lawsuit stemming from BlackCat attack
  • Four REvil ransomware members released after time served on carding charges
  • Why Dumping Sensitive Data on Network Shares is a Liability

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.