Paul Pedro reports a follow-up to the massive ransomware attack on Ontario hospitals via an attack on TransForm by the Daixin threat actors:
The Information and Privacy Commissioner of Ontario (IPC) has completed a review into a massive cyberattack on five regional hospitals in 2023 and found hospital officials acted “adequately.”
But in its decision, the IPC said the investigator found the custodians of the information did not notify affected patients as required under the law.
The hackers stole and disclosed the personal health information of hundreds of thousands of patients at Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, and Windsor Regional Hospital during the ransomware attack in October 2023.
“I find that although the custodians appropriately notified individuals affected by the data exfiltration, they were also required to notify those affected by the hostile encryption, which they did not. Despite this finding, I decide that there is no useful purpose in ordering additional notification at this stage,” concluded the IPC.
Read more at CKnewstoday.ca.
See: PHIPA Decision 284 (report)