cognitive cybersecurity intelligence

News and Analysis


Daixin Exposes More Information from Bluewater Health and Other Hospitals; Databases Await Unconfirmed Leaks

Hello, my dear healthcare and cybersecurity companions! I dare say, you may have heard the recent buzz about the Daixin Team spilling the beans on some sensitive data linked to five Ontario hospitals. If you missed it, let me bring you up to speed.

Towards the end of last year, our mates over at DataBreaches made us aware of their first data leak. What a colossal blunder that was! And now, barely having time to recover from the initial shock, we learn about another data spillage, this time packed with internal hospital files. Administrative matters, forms, and some employee information were all laid bare. On the plus side, there seemed to be some reassurance in the fact a number of potentially sensitive files, with details of staff disciplinary proceedings and the like, were under lock and key – password-protected, thankfully.

But, worryingly, patient details weren’t spared in this recent spill either. It’s nothing like their first leak, which was chock full of scanned patient files. This time, details of COVID-19 vaccinations, including patient names and dates of vaccinations, all came to light. Even their reactions to the jabs and perhaps their medical histories weren’t safe! There were also files that held information on certain patients’ medications, dosages, and recommendations, complete with the dates, diagnoses, and some interesting commentary related to dosage plans.

Daixin claim there is more to come. And let’s just say, they happen to be rather steady with their data spills. A strict no-dilly-dally approach – leak the data, pronto, once their deadline lapses. Going by their pattern, DataBreaches predicts more data leaks are afoot, possibly in a matter of days. I mean, a third leak followed by a fat database dump doesn’t sound too merry, does it?

What’s more, the phrase ‘full leak’ doesn’t necessarily mean ‘all data’, at least according to Daixin. They hint at a bit of a change in the script when it comes to handling victims who refuse to cough up the cash. You see, these data spillers might just be considering flogging some of the stolen information instead of leaking it. It appears bulk-selling to data brokers, who can then re-sell it to scammers and other such unsavoury characters, is the modus operandi.

Asked if they knew where the data would end up, Daixin offered the old, ‘once it leaves our hands, it’s not our concern’ line. Whether they’ll walk the talk is anyone’s guess. We, on the outside, will be none the wiser unless some good Samaritan provides proof of sale to this information.

Is this all just scare tactics, a ploy to get victims to loosen their purse strings? For the Ontario hospitals and TransForm, I fear it’s too late to ponder on that. Nonetheless, it gives prospective victims something to mull over. It’s a sticky wicket now, isn’t it? As for DataBreaches, and us by extension, we’ll have to keep our ears to the ground and our eyes on this unfolding saga.

by Parker Bytes

Subscribe to newsletter

Subscribe to HEAL Security Dispatch for the latest healthcare cybersecurity news and analysis.

More Posts