Headwaters confirms unauthorized email activity

ORANGEVILLE, Ont. – Headwaters Health Care Centre has confirmed the cause of suspicious email activity that led to the shutdown of their internal systems, and the closure of the COVID-19 assessment centre.

The hospital’s information technology team noticed suspicious email activity on Nov. 25, with a number of spam emails sent from the CEO Kim Delahunt’s email account to hundreds of contacts, primarily staff members of the hospital. As a result of the security breach, the hospital shut down their internal system as well as access to the internet and key external partners.

“As an organization we take cybersecurity very seriously and have numerous measures in place to protect our data,” wrote the hospital in a notice. “Thankfully, our team noticed unusual activity quickly and [acted] immediately.”

It was then determined that the unauthorized access was found to be from Lorenz ransomware, which stated that all the hospitals files across its entire system had been encrypted, including private medical data.

Lorenz is a new variant of Sz40 ransomware, which is designed to encrypt data and demand ransom for decryption. This means Lorenz renders affected files inaccessible and then asks for payment to regain access.

The hospital is working with cybersecurity experts to help safely restore IT services and investigate what happened and whether any sensitive data was exposed. This process will take some time. “We are committed to being transparent and will notify individuals if we learn that personal information has been exposed,” said Headwaters.

Although many of the systems are down, Headwaters has robust processes in place to maintain safe patient care.

Scheduled surgeries or procedures have not been impacted at this time and the emergency department is open 24/7.