Cybercriminals Hold Australian Medical Clinic Electronic Patient Records Hostage

"They literally got in, hijacked the server, and then ran their encryption software"

2 min read
Cybercriminals Hold Australian Medical Clinic Electronic Patient Records Hostage

ABC News Australia published a report this week about a small medical clinic in Queensland, Australia that discovered cybercriminals, apparently Russian in origin, had been able to break through both the clinic’s server firewall and password system and successfully encrypted all of the clinic’s patient electronic medical records. Thousands of patient files are now said to be inaccessible.

The cybercriminals reportedly are demanding the clinic pay A$4000 to decrypt the information, something that the clinic so far is refusing to do. The clinic's owner says that he is worried that if the clinic does pay, the cybercriminals will decrypt only a small number of patient records, and then demand additional ransom monies on promises to decrypt the remainder, and so on. Right now, the clinic is trying to determine how many patient records can be rebuilt from information retrievable from pharmacists and hospitals, but the owner admits it is “very, very, very difficult” to operate effectively without access to the clinic's patient records.

This incident seems to be just the latest in a trend that is following the increasing digitalization of electronic medical records. A Bloomberg story from August describes several incidents of similar extortion demands in the United States from clinics as well as thefts of electronic medical records

Healthcare providers seem to be an especially good target of opportunity for cybercriminals. According to a new benchmark survey published by the Ponemon Institute, some 94% of U.S. healthcare organizations have suffered a data breach in the past two years, and 45 percent have admitted to experiencing five such breaches over the same period. In addition, Ponemon's survey reports that "54 percent of organizations have little or no confidence that they can detect all patient data loss or theft," which isn't surprising, given that 73 percent of healthcare providers surveyed admit that they "still have insufficient resources to prevent and detect data breaches... and  67 percent of organizations don’t have controls to prevent and/or quickly detect medical identity theft."

You may remember from a few years ago that the state of Virginia's Prescription Monitoring Program website containing prescription information on 530 000 patients was similarly attacked. A cybercriminal claimed to have stolen the patients’ prescription information, encrypted it in a file, and deleted the data. He (or she) demanded in a ransom note left on the website US $10 million for the information's safe return. While state officials (eventually) admitted the website was indeed breached and information likely taken, the state also said that it had all the patient information securely backed up. No ransom was ever paid, and the would be extortionist has never been caught.

As a story in NetworkWorld commenting on the Australian medical clinic situation noted, organizations which have securely stored sensitive information offline or in the cloud have been the most successful in keeping such extortionists at bay.

Image credit: Wikipedia/Rama and Eliot Lash

The Conversation (0)

The Cellular Industry’s Clash Over the Movement to Remake Networks

The wireless industry is divided on Open RAN’s goal to make network components interoperable

13 min read
Photo: George Frey/AFP/Getty Images
DarkBlue2

We've all been told that 5G wireless is going to deliver amazing capabilities and services. But it won't come cheap. When all is said and done, 5G will cost almost US $1 trillion to deploy over the next half decade. That enormous expense will be borne mostly by network operators, companies like AT&T, China Mobile, Deutsche Telekom, Vodafone, and dozens more around the world that provide cellular service to their customers. Facing such an immense cost, these operators asked a very reasonable question: How can we make this cheaper and more flexible?

Their answer: Make it possible to mix and match network components from different companies, with the goal of fostering more competition and driving down prices. At the same time, they sparked a schism within the industry over how wireless networks should be built. Their opponents—and sometimes begrudging partners—are the handful of telecom-equipment vendors capable of providing the hardware the network operators have been buying and deploying for years.

Keep Reading ↓ Show less