In a suspected ransomware attack, a cybercrime syndicate has hacked and scrambled around 15,000 medical records at a Victorian hospital.
Medical files from Melbourne Heart Group, a specialist cardiology unit based within the Cabrini Hospital premises in Melbourne, had been compromised, with the hackers restricting access to the records for more than three weeks and demanding a ransom for access, according to The Age.
It was reported that the hack started as a malware attack, crippling its server and corrupting the data and that the cybercrime syndicates demanded ransom be paid in cryptocurrency for a password that breaks the encryption.
This resulted in some patients not having any records at the unit, while others got told that their “files had been lost”.
The malware is believed to be from Russia or North Korea.
The Age also reported that a ransom payment was likely made by the Melbourne Heart Group; however, not all of the scrambled files have been recovered.
Commonwealth security agencies including the Australian Cyber Security Centre and Federal Police are assisting the hospital with the case.
Cabrini Chief Executive Dr Michael Walsh confirmed with HITNA that the data storage and other information systems in specialist suites are owned and managed by the specialists, not by the Cabrini Hospital.
“The specialists are not employees of Cabrini. No Cabrini data storage or patient-related systems or operations have been impacted or compromised by this incident and there has been no breach of hospital patient data,” Walsh said.
He also said that the protection of patient information “is of the utmost importance and is a responsibility Cabrini takes very seriously”.
A Melbourne Heart Group spokesperson told The Age that there were no connections between the data encrypted with any function in relation to cardiac implantable electrical devices like pacemakers or defibrillators.
The spokesperson did not confirm the number of files affected, nor if the ransom had been paid.
Update 27/02/19: Melbourne Heart Group has since advised that no patient’s privacy was compromised or breached in this ransomware attack.
[Read more: NSW Health Minister apologises as hundreds of abandoned medical files are discovered in derelict former aged care facility | One year on from WannaCry and healthcare organisations are prime targets for cyber attackers]
Tenable ANZ Country Manager Bede Hackney said healthcare organisations continue to be an attractive target for cybercriminals and with the rollout of My Health Records complete, malicious activity is expected to increase.
“Healthcare naturally has a target on its back due to the wealth of personal and sensitive data it shares,” he said.
“Developers of ransomware and other malicious code are creating new methods of exploiting systems on a daily basis. Australian healthcare organisations, small and large, public and private, must protect themselves and the patient data they store in the face of a rapidly evolving attack surface.”
Furthermore, Hackney said that being locked out of critical health information, such as what is stored in centralised databases like My Health Records, can have “life-threatening consequences”.
However, he said the techniques utilised by ransomware can be prevented – and the probability of an infection reduced – by taking a few steps.
“A good starting point is to consult the ASD Essential Eight Maturity Model, which outlines security practices such as regular patching to minimise cyber risk,” Hackney said.
“With patient lives and records on the line, healthcare organisations must take a proactive approach to preserve the integrity of the data they’ve been entrusted to protect.”
StorageCraft Asia-Pacific Head of Sales Marina Brook attributed recent findings from global cybersecurity insurance provider, Beazley, which said that 45 per cent of all ransomware attacks in 2017 were aimed at the healthcare sector.
"The ransomware attack on the Melbourne Heart Group reinforces the importance of ensuring that data is stored securely and, equally important, is able to be restored within the shortest time possible, to prevent compromising quality of care for patients," she said.
"When a human life is in the balance, there’s no time to wait for completion of bitcoin payments to criminals, nor do we have the luxury to wait for terabytes of patient data to be restored over a week. The data needs to be restored and available within seconds.”
StorageCraft most recently introduced StorageCraft for Healthcare, a converged scale-out primary and secondary data platform with integrated data protection.
