Michael Garron Hospital reports ransomware attack and data breach

Michael Garron Hospital, a community teaching hospital in eastern Toronto reported a data breach of sensitive data pertaining to their employees and medical staff due to a cyberattack that occurred more than a fortnight ago.

The hospital disclosed that the cybercriminals were able to exfiltrate personal details of staff and medical professionals who have been associated with the institution from January 2015 up to 2023. The breach was a consequence of the hospital’s refusal to comply with a ransom demand by a cybercrime group.

Initially flagged on October 26, Michael Garron Hospital declared a Code Grey, indicative of severe IT system crises, and launched an investigation into what they described as a “data security incident.” Despite the cyberattack, the hospital has maintained normal operation of its programs and patient care services.

The hospital, which had previously faced a ransomware attack in 2019, confirmed on Wednesday that there has also been unauthorized exposure of patient and donor data. The extent of the exposure and the identity of the affected individuals are still under investigation.

The exact number of impacted individuals is yet unknown and the details of the exposed data are not disclosed.

In response to the breach, Michael Garron Hospital is providing affected staff and clinicians with complimentary credit monitoring services for two years. They are also dispatching emails to guide current staff and clinicians on how to enroll in these services.