Hackers behind the recent ransomware attack affecting Bluewater Health stole the information of over 250,000 patients, including the Social Insurance Numbers (SIN) of thousands.
In an update issued on Thursday, Bluewater Health said a database theft contained the information of approximately 267,000 patients, dating back to 1992.
The Social Insurance Numbers of an estimated 20,000 patients were also stolen.
Bluewater Health said they will directly notify all those whose SIN was included in the database theft and will provide affected individuals with two years of complimentary credit monitoring.
Other information stolen may have included names, addresses, contact information, dates of birth, basic demographic information, reasons for visit, and general notes on prior registrations.
All patients who registered for treatment at any of the following institutions since February 24, 1992, are believed to be affected:
- Bluewater Health
- Lambton Hospitals Group
- Charlotte Eleanor Englehart Hospital of Bluewater Health
- Sarnia General Hospital
- St. Joseph’s Hospital
Bluewater Health and other hospitals in Chatham-Kent and Windsor were impacted in late October after a shared service provider, TransForm Shared Service Organization, suffered a cyberattack. Each institution was affected differently.
Findings from the ongoing investigation have been reported to the Ontario Information and Privacy Commissioner (IPC).
Those affected have the right to file a complaint with the IPC. Further details can be found on the IPC's website.
Inquiries can also be directed to a patient cybersecurity hotline at 519-437-6212, Monday through Friday from 8 a.m. until 11 p.m.