Criminals have hacked into the database of a specialist cardiology unit in Melbourne’s Cabrini Hospital and seized medical files of about 15,000 patients.
The Age reported today a cybercrime syndicate targeted Melbourne Heart Group, a tenant of the hospital.
Hackers managed to copy malware onto MHG’s servers, which corrupted the unit’s data and locked staff out of patients’ files for more than three weeks.
Although the origin of the hackers is unclear, the malware used to infiltrate and cripple the unit’s security network is thought to be from North Korea or Russia.
After infecting MHG’s data, the criminals demanded a ransom to be paid in cryptocurrency in exchange for the password that could break the encryption so medical staff could access the files again.
According to The Age, the ransom was paid but the criminals didn’t deliver. Some of the corrupted files could not be recovered, among them the personal details and sensitive medical information of many patients.
MHG is now in administrative chaos, with some patients having their appointments disappear and others having their medical records lost with no explanation.
Commonwealth security agencies are now investigating the attack. The Australian Cyber Security Centre said it would assist with cyber security advice.
“The protection of personal patient information is of the utmost importance … patient privacy has not been compromised in this instance,” said an MHG spokesperson.
MHG dismissed fears criminals could have accessed data that would allow them to compromise cardiac implantable electrical devices, like pacemakers and defibrillators.
Professor Matt Warren, deputy director of Deakin University’s Centre for Cyber Security Research, said the data breach was most likely a “ransomware” attack.
He said the infection had probably come from a malicious link in a phishing email, which a member of staff may have clicked, inadvertently allowing the malware to enter the hospital’s system.
“It’s sophisticated in that you have to get the malware onto the hospital system, but once you have done that then it is relatively easy,” he told The Age.
“Other than the cost it isn’t hard to be protected from this … organisations need to update and patch their security and systems regularly because the problem you have is the hackers’ capabilities are becoming more sophisticated.”
Via The Age