This past week, cyber criminals disclosed hundreds of patient and staff information on the dark web from the cyber attacks on Ontario hospitals. These attacks and data leaks serve as a stark reminder that no matter the industry, cyber criminals will ruthlessly attack your network to obtain ransom.

As cyber security professionals, mainstream news events like this can be a key tool for you to evaluate your current security strategy and help educate your employees. In this blog, we’ll delve into what happened, why public institutions became targets, and most importantly, the crucial lessons that businesses, regardless of their industry, can learn from these incidents.

What happened in Ontario hospitals?

A group of Lambton County hospitals fell victim to a ransomware attack on October 23rd. The attack led to outages in hospitals in Sarnia, Windsor, and more. After further investigation, the hospitals released updates that confirmed that millions of customer data were affected.

Bluewater Health, a hospital in Sarnia, was the most heavily targeted spot for the malware attack.

Ontario hospital picture

"It’s been a “super-fantastic” experience to see people learning and talking about security threats."

For just $325 USD, you can run a 6 week, automated program for gamified phishing awareness training and challenges.  (Limited time offer. Normally valued at $999 USD)

Use Promo Code: 6WEEKS

They recently confirmed that the cyber criminal stole data from over 250,000 patients, with any visit since 1992 compromised. The most alarming part of this data breach is that the hospitals had customer SIN numbers stored on these data files, and so far, more than 20,000 have been confirmed to be stolen. 

Why target public institutions?

KnowBe4 recently reported that there has been a concerning uptick of interest in targeting public sector businesses in cyber attacks. Why would cyber criminals target publicly-funded businesses rather than the larger cash holders like banks?

Cyber criminals can easily sell stolen customer data on the black market. The information these hospitals kept on hand, like SIN numbers, can sell fast and for large sums of money. Also, proven through these attacks and the attack on the Toronto Public Library, public institutions may not have all the data security updates they should have for the data they’re keeping. 

Lessons to learn

All industries are susceptible to cyber attacks, not just banks

The belief that certain industries or business sizes are immune to cyber attacks is a dangerous misconception. Cyber criminals target organizations based on vulnerabilities, not industry labels. Every business, regardless of its sector, needs to recognize its attractiveness as a potential target and invest in comprehensive cyber security measures.

If you’ve been sliding under the radar by only checking compliance boxes, now is the time to get your head in the game and protect your business from the very real threats that are out there.

Check your current data protection strategies 

The attackers claimed that the reason behind these attacks was to show businesses that sensitive data can easily be stolen and should be better protected. Let this be a warning to your business that no matter your industry, you should be doing the same. 

Use this attack as a case study to evaluate your current systems and strategies. What data could easily be exposed if a cyber attacker released malware like this in your system? 

The stolen data was reported to be a “varied level of sensitivity”, meaning that low-security and high-security information were potentially stored in the same place. This should never be the case. Take the time to identify your most sensitive data and focus on getting this data under the highest security first, then worry about your other levels of data. 

Have a system outage & breach plan

Preparation is key. Following this malware attack, the hospitals’ systems were down, and their operations slowed or stopped moving altogether. They are still moving back appointments due to losing access to or misplacing information. Take this as a sign to make a system outage plan. If, in the worst-case scenario, you had to shut down your network, how would you continue business? How would you notify customers that systems were down? What does the lockdown process look like?

In this event’s reporting process hospitals originally claimed that no SIN data was stolen. However, they have now retracted their statement and said that at least 20,000 SIN numbers were taken. Having mixed messaging will only confuse and frustrate customers further. Along with your system-outage plan, have a breach communications plan. Who will write the releases? Who will give them information to release? How fast do you want to give out information? Remember, quick transparency is optimal, but if you are unsure about certain data, it’s better to wait until the information is confirmed so you never have to retract your statements. 

Consistently reflect on the data that you collect & keep

As mentioned earlier in the article, the most concerning part of this data breach is that SIN numbers were stolen. When someone has access to your SIN number, they can easily impersonate you and ruin your credit, receive government or tax payments as you, and potentially even work illegally. 

The President of the Privacy Coalition, Sharon Polsky, asked a great question: Why did the hospitals even keep the SIN numbers of their patients? Especially those that were from 30 years ago. Had the hospitals better prioritized the data they kept and stored, this part of the breach could have been avoided all together. 

During your case study and evaluation, assess the data you collect. Ask: Is it necessary? For how long do we need to keep it? Retain only data that is essential and only for as long as you will need, minimizing the potential impact of a data breach.

Educate your employees on ransomware

Although the average employee doesn’t need to understand exactly how ransomware works, they must understand the ways they can stop it from entering your system. 

Have modules on phishing, social engineering, and password hygiene to educate your employees on the ways malware can infect your network. Your employees can become your strongest defense against malware when they are given the right tools.

Screenshot of QR code phishing simulation

Host modules on phishing and social engineering using the Click Armor gamified platform. Book a demo to learn more. 

Ensure all employees use MFA and strong passwords

The source of the malware infection in the hospitals’ networks has still not been confirmed. However, it is never a bad time to check that all employees are using Multi-Factor Authentication and strong passwords. These measures add an extra layer of security, making it more challenging for cyber criminals to gain unauthorized access.

The cyber attacks on Ontario hospitals serve as a critical wake-up call for businesses to reassess and strengthen their cybersecurity posture, no matter the industry. By learning from these incidents, organizations can better protect themselves and their customers from the growing threat of cybercrime. It’s not just about securing data; it’s about safeguarding the trust and confidence of those who depend on your services.


Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.