Daixin’s Ransomware Attack Paralyzes Five Ontario Hospitals


The Daixin team, notorious for targeting the public health sector, emerged in June 2022 when they executed their first ransomware attack. In their most recent assault, Daixin leaves five Ontario hospitals crippled.

Unlike other cybercriminal groups, Daixin’s hallmark is their focus on critical health infrastructure. In this attack, they targeted Transform Shared Service Organization. Transform is the organization responsible for critical IT, supply chain, and other services for five hospitals in Ontario. Transform issued a press release on October 23rd, acknowledging a systems outage, including email, and difficulties accessing customer appointments. On October 27th, Transform, after being thoroughly disrupted and forced to manually reschedule appointments, officially confirmed their status as victims of a vicious cyberattack.

Recent reports by CBC revealed that over the past two weeks, radiation treatments for cancer patients had to be transferred to other hospitals. Surgeries and appointments had to be rescheduled as the ransomware attack completely paralyzed hospital Wi-Fi, email, and patient information systems.

In the aftermath, Daixin claimed responsibility for the attack, seeking financial gain as is familiar with ransomware groups. Beyond disrupting hospital operations, they stole over 5 million records, including personally identifiable information and protected health data, which amounts to a staggering 160 GB of sensitive documents stored within Transform’s internal servers.

Daixin has yet to disclose the method they used to breach the systems but admitted to gaining access a week before deploying the ransomware, taking only a few hours to compromise the system after initial access. They revealed that administrator account passwords across all hospital domains were identical, and network segmentation was notably weak, allowing them to roam freely within the system.

Although Daixin claimed to have encrypted “thousands of hosts,” they remained silent on the precise ransom amount. While negotiations were initiated by one of the hospitals in an attempt to retrieve their data, Daixin indicated that these discussions didn’t progress significantly. Daixin mentioned a possible settlement of around $4 million, all the while hinting at their suspicion that the hospital might be prohibited from making payments by the government.

Daixin stands out as one of the most ruthless cybercriminal groups, with a notorious track record of targeting hospitals and showing no remorse when it comes to exposing sensitive data. A leaked conversation between Transform and Daixin has unveiled chilling insights into their ruthless negotiation tactics.

The deliberate disruption of critical medical care seems to be an act Daixin has no qualms about committing. They specialize in infiltrating a hospital’s network, exfiltrating data, encrypting files, and then demanding a ransom.
Today, Daixin has begun releasing all the data stolen from the hospitals. Thousands of individuals’ private data and medical records are now accessible online. This situation underscores the stark reality that when dealing with cybercriminals, there is often no room for remorse or compassion.