Some 82,000 people can expect to receive a letter this month notifying that their personal information was stolen in a cyberattack last fall at Bluewater Health.
In its most recent update Wednesday, the group of hospitals impacted by the Oct. 2023 cyberattack — Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare and Windsor Regional Hospital, along with their shared services provider, TransForm Shared Service Organization — said the review into affected data is now complete, “with individuals in our communities being notified if their information was impacted.”
“Individuals will start to receive letters in the mail during the week of April 8 from hospital providers if their information was stolen by cyber criminals during the attack,” a news release stated, noting that each hospital was impacted differently.
Bluewater Health was the hardest hit of the group of southwestern Ontario hospitals targeted in the attack on Oct. 23. The hospital group says no ransom was paid.
“Except for Bluewater Health, electronic medical records were not impacted, however personal health information stored elsewhere on our systems was involved, including patient and for some organizations employee information,” the hospital group stated.
Officials announced in November that data on some 5.6 million patient visits had been stolen — including information on every patient seen at Bluewater Health or predecessor institutions since Feb. 24, 1992.
The following is the approximate number of patients per hospital that will receive notification by letter. If a patient was seen at multiple hospitals, they will receive multiple letters, so there is likely overlap in these totals, officials explained:
- Bluewater Health: 82,000
- Chatham-Kent Health Alliance: 69,000
- Erie Shores HealthCare: 102,000
- Hôtel-Dieu Grace Healthcare: 46,000
- Windsor Regional Hospital: 27,800
“Our approach around notifying individuals has been done in communication with Ontario’s Information and Privacy Commissioner,” officials added. “We continue to work to strengthen our systems to prevent these types of incidents – which have become all too common for organizations across Canada and the globe.
“To our patients, community, and healthcare professionals, we truly apologize for the inconvenience this cyber-attack has caused you. Thank you for your patience throughout this notification period.”
For more information, please see the Bluewater Health FAQ on their website.