Cyberattack Disrupts Patient Care: Delayed Treatment Across 5 South-Western Ontario Hospitals
- November 3, 2023
- 6:51 am
Five southwestern Ontario hospitals are being confronted with a cyberattack, because of which they are facing a delay in their regular operations. The families have spent time waiting, and in the end, their appointments are being canceled due to this issue. This attack was declared on Monday, October 23, 2023.
Tianna Giesbrecht, who went to the Windsor Regional Hospital’s Met campus by ambulance due to suspicion of a problem in her appendix, said that she went to the hospital at around 5 PM by ambulance; however, she was not attended to by anyone until Tuesday evening. She spoke to a CBC reporter via Facebook Messenger and conveyed that many patients who were waiting for treatment alongside her left the hospital without being treated. She also said that the hospital employees were getting “frustrated” and were unable to rely on online records due to the cyberattack, leading them to refer to the paper records.
Being employed in the IT sector, she was irritated with the fact that the hospitals were not well prepared for such situations. She also says that it is frightening to see that a large number of people are in pain and are unable to get proper treatment, and people are unable to do anything but wait.
Windsor Regional Hospital, Erie Shores Healthcare, Hotel-Dieu Grace Healthcare, Bluewater Health, and Chatham-Kent Health Alliance are the five hospitals where patient records and other online services, as well as important emails, have been inaccessible since Monday morning. These five hospitals issued a statement on Monday night saying that those who were given appointments for the coming days would be rescheduled or that they would be provided with some other facilities.
In a joint statement, the hospitals stated that they requested that people if they do not need any emergency treatment, go and visit their primary care provider or a local clinic so that the burden on the hospitals is reduced as they are relentlessly working towards it and providing treatment to the patients who need hospital care. They also stated that due to these unforeseen circumstances, they might not be able to attend to all the patients and might need to reschedule the treatment in person at their premises.
According to the organization’s website, the systems that are affected by this cyberattack were provided by TransForm, which was founded by the non-profit hospitals, so that they can run the information technology, supply chain, and accounts. Transform confirmed on Monday night that the hospitals under it are grappling with cyberattacks. The company said that it is investigating the cause and scope of this scenario and whether any information about the patients was confronted due to it. It also mentions that they are running their operations from a backup but accessing the documents can be time-consuming.
Karen Churcher, the wife of a patient named Barry Cox, who is admitted to Bluewater Health in Sarnia, stated that he has been hospitalized for two weeks awaiting cardioversion. It is a procedure where normal heart rhythm is restored to an abnormally beating heart. However, the procedure was called off on Tuesday morning.
She said that it was unfortunate that the treatment was canceled at the last moment, and it is uncertain when the treatment will be rescheduled. She added that he will have to stay in the hospital until the procedure takes place. She also stated that both of them are feeling helpless and frustrated, and all her husband wants to do is go back to their home, lay down on his bed, and recover from the illness. Even though her husband is in stable condition, they cannot leave the hospital until the procedure is conducted. She also fears that in such a chaotic situation, they are occupying a bed that might be needed by another patient. Further, she says that she is apprehensive as there is no indication of when the procedure will be conducted. She also says that her husband is also feeling disheartened.
She further mentions that the hospital is trying its best to keep its operations running in such a scenario. She also described the environment at the hospital as “all hands on deck,” as the staff is working relentlessly. According to her, “Unfortunately, we rely so heavily on technology that when we lose the technology that we rely on, it creates a disruption in the system and puts patients at risk.“
Which Police Agency is Working Towards the Cyberattack is Not Being Revealed by the Company
Michelle Watters, director of stakeholder relations at TransForm, told CBC News on Tuesday morning that the police are working on this case; however, he did not reveal which police department is investigating. The spokesperson, however, clarified that neither the RCMP nor Chatham-Kent or Arnia police are involved in solving the case.
Windsor police and OPP did not give any comment until Tuesday afternoon, even after being requested.
There Has Been No Notification Of A Cyberattack To The Privacy Commissioner Yet
In a statement to CBC News, the Office of Ontario’s information and primary commissioner stated that the people responsible for healthcare information are supposed to notify them about certain types of data breaches. According to the statement, the commissioner has not been notified about this incident, and they will be contacting the affected hospitals. They further mentioned that they have not received any complaints from the public related to this matter as of yet.
Transform, in a statement that was released on Monday night, said that they are still figuring out whether any information about the patient was affected or not. According to the commissioner’s office, cyberattacks are an “increasing threat” to personal information, and hospitals should be well equipped for cyberattacks by increasing staff awareness and funding in the best practices of education and the healthcare industry. Furthermore, they mentioned that “personal health information is particularly sensitive, and privacy breaches can have devastating impacts for individuals and ultimately undermine trust in the healthcare system.”
An Expert Says That Hospitals Are Common Target For Cybercriminals
Daniel Tsai, who is a technology expert and lecturer at the University of Toronto, says that hospitals and other public institutions are common targets for cybercriminals because they hold sensitive private information about the patients and the hospital. He said that the cybercriminals take this as an opportunity to redeem as much money as possible from these hospitals. Even though he is not aware of the specific information, he said that according to his expertise, the cyberattack was serious as it led to the IT providers taking the systems offline, which the company mentioned was done on Monday morning. Daniel stated that there are various types of cyberattacks; however, we are not sure which one has occurred in this scenario, but all cyberattacks have the same target. He mentioned that “it usually involves some form of extortion where hackers control the sensitive data and prevent access to it, which results in a major threat.” He further mentioned that even though an investigation is going on, it will be difficult to find the culprit, specifically if they are focusing on where the attack was made. Countries where cyberattacks are common are China, Russia, and North Korea. Tsai further said good luck to the investigation team to get justice and get the police and court system recognized abroad if the cyberattack was done by the above-mentioned countries. He says this because he feels that if another country is responsible for this cyberattack, it will be a big problem.
Furthermore, he stated that it would take some time to resolve this problem, as getting the hospital’s system back online would require certain procedures incorporating the assessment of how much the network system was attacked and the recovery processes. He stated that this incident can be seen as an awakening lesson for other hospitals and this industry to be well equipped to ascertain that this kind of situation never happens again. “Sometimes, we can learn the best from our failures and our mistakes.”
Lately, cyber-attacks have seen a significant surge. With this surge, comes the critical need for cyber security measures. All organizations need to spread cyber security awareness and give an introduction to cyber security to combat various cyber security threats ranging from malware and phishing attacks to data breaches and ransomware. Adopting various cyber security tools and techniques such as firewalls and encryptions can help effectively combat different types of cyber security threats. Formulating effective cyber security policies and cyber security risk management strategies will level up your cyber security game and give you complete 360-degree protection.
Organizations can also partner with top cyber security companies in India which offer various cyber security applications across industries. Cyber security is not just a necessity but a fundamental requirement in our digital landscape. It protects individuals, businesses, and nations from malicious attacks, ensuring the safe and secure functioning of our interconnected world. As threats continue to evolve, staying informed and proactive is key to staying ahead in the cyber security game.