The hackers behind the recent ransomware attack on Bluewater Health have stolen the information of more than 250,000 patients, including the social insurance numbers (SINs) of thousands.
In an update issued on Thursday, Bluewater Health said a database theft contained the information of approximately 267,000 patients dating back to 1992.
The social security numbers of an estimated 20,000 patients were also stolen.
Bluewater Health said it will directly notify anyone whose SIN was included in the database theft, and will provide two years of free credit monitoring to affected individuals.
Other information stolen may have included names, addresses, contact information, dates of birth, basic demographic information, reasons for visit and general notes on previous registrations.
All patients who have registered for treatment at any of the following facilities since 24 February 1992 are believed to be affected
Bluewater Health
Lambton Hospitals Group
Bluewater Health Charlotte Eleanor Englehart Hospital
Sarnia General Hospital
St Joseph’s Hospital
Bluewater Health and other hospitals in Chatham-Kent and Windsor were affected in late October after a cyber attack on a shared service provider, TransForm Shared Service Organization. Each facility was affected differently.
The results of the ongoing investigation have been reported to the Ontario Information and Privacy Commissioner (IPC).
Individuals have the right to file a complaint with the IPC. Further details are available on the IPC website.