Hospital Recovery from Ransomware Attack to Take Weeks, CEO Announces

This is a screenshot of cybercriminal Daixin's webpage on the dark web. Daixin has claimed responsibility for a ransomware attack that has stalled care at five hospitals in southwestern Ontario.

Cybercriminal Group Boasts Theft of Millions of Health Records

The CEO of Windsor Regional Hospital, David Musyj, has revealed that recovery from the recent ransomware attack plaguing southwestern Ontario hospitals will take several weeks. This statement comes in the wake of a brazen claim of responsibility by a cybercriminal group on their online blog, where they detailed the attack and boasted about the theft of millions of private patient records.

Refusal to Pay Ransom

Twelve days after the attack began, the healthcare services of five hospitals remain disrupted. According to CBC News, hospital officials, after careful consideration, have chosen not to meet the ransom demands of the cybercriminals, a decision grounded in the distrust of the criminals’ promises to delete the stolen information. Musyj stated, “We knew … that we could not trust the promise of a criminal to delete this information,” underscoring the sentiment that payment would not guarantee a quicker or safer recovery of the network.

Hacker Claims and Data Leaks

The hackers, identified by a report on and by CBC News sources as the ‘Daixin’ group, retaliated for the non-payment by releasing a portion of the stolen private health information on the dark web. This criminal group has been actively investigated by multiple police organizations, including INTERPOL and the FBI. The attack forced five hospitals to revert to paper charting because it shut down the internal health systems of their IT provider, TransForm.

Brett Callow, a threat analyst for Emsisoft, cautioned that the claims made by these hackers should be approached with skepticism, despite their attempts to pressure the healthcare systems into paying the ransom. According to CBC News, Callow stated, “We cannot assume that Daixin is telling the truth. Their intention will be to show the hospital in a bad light.”

During a hospital board meeting Thursday, Windsor Regional Hospital CEO David Musyj says recovery will take weeks, but that staff are working hard to make sure the hospital is restoring delayed service to patients. (Mike Evans/CBC)

A Plea for Mercy

In what appears to be a desperate attempt to protect patient care, a screenshot of a message conversation between the hospital’s negotiator and the cybercriminal group was made public. The hospital’s negotiator described the consequences of the attack on patient services, pleading with the group to delete the data and cease their activities.

The Aftermath and Moving Forward

Despite the challenges posed by the cyberattack, Musyj commended his staff for their resilience, noting that ambulatory surgical procedures had not been delayed, and scheduled surgeries were nearing full resumption. The focus remains on the safety and continuity of cancer treatments. Collaboration with leading cyber experts and Ontario Health is underway to restore stability to the affected health care systems.

Musyj’s report to the hospital board underscored the difficulty of the past 11 days but expressed confidence in the hospital staff’s response to the crisis.

The Impact on Patient Data

The Daixin group claims to have stolen more than 160 gigabytes of data, comprising 5.6 million records of personally identifiable information, as well as sensitive documents from internal servers. According to, which has been reporting on the attack, the extent of the damage and whether all backups have been destroyed remain unclear.

Industry Analysis

Experts like Callow warn of the consequences of paying ransoms and suggest that non-payment deters future attacks. He affirmed the hospitals’ decision not to pay, emphasizing that ransomware attacks persist solely because they are profitable.

The Human Cost

The ordeal extends beyond the digital realm, affecting real lives and care schedules. Dissent remarked on the typical lack of empathy from cybercriminals, who tend to view their actions as purely business transactions, regardless of the human toll.