The Daxin Team ransomware group has released its third tranche of data stolen from southwestern Ontario hospitals that share an IT services provider because it can’t get a penny from the institutions.
According to Canadian-based Emsisoft threat researcher Brett Callow, this third installment of data was released Sunday. The gang promises to release databases full of information soon.
The institutions in the group — Bluewater Health of Sarnia, Chatham Kent Health Alliance, Erie Shores HealthCare of Leamington, Hôtel-Dieu Grace Healthcare and Windsor Regional Hospital, along with shared service provider TransForm Shared Service Organization — were hit by a cyber attack late last month that forced the curtailment of some healthcare services.
The websites of the hospitals continue to post an alert notice that their IT systems are still suffering from the attack. It says they are working “around the clock to restore systems.”
According to DataBreaches.net, this latest leak has a great deal of sensitive patient information and IT-related information.
The news site also says it spoke to someone from the group who said it has been considering different strategies for dealing with victims who do not pay, including possibly selling some of the stolen data rather than leaking it.
In an earlier story, the spokesman for the attackers said, “the networks were completely transparent – we could go anywhere.” When DataBreaches asked if that was because of password re-use or failure to segment, or some other reason, Daixin answered, “Maybe they had some kind of segmentation, but the fact that even the wifi in the hospitals disappeared after we attacked can speak to its level. The passwords for some administrator accounts across all hospital domains were the same.”
When asked how many files had been encrypted the person replied, “I’m assuming we’re talking about thousands of hosts.”