Hackers hold patient medical records for ransom, demand $4,200

Shawn Knight

Posts: 15,240   +192
Staff member

A group of hackers broke into the Miami Family Medical Centre in Australia and are now holding all of their patient’s medical records for ransom. The hackers didn’t physically take or delete the files but they have encrypted them and are demanding a sum of 4,000 Australian dollars, or roughly $4,196 in exchange for the key.

Without the necessary decryption key, the data is essentially useless to the medical staff. It goes without saying that it would be next to impossible to carry on day-to-day operations at the medical facility without access to patient records.

Miami Family Medical Centre co-owner David Wood said the computers containing the records had the latest antivirus updates and that there is no sign of a virus. He said the attackers literally got in, hijacked the server and executed the code to encrypt the medical files.

$4,200 may not sound like a huge ransom, especially if people’s medical files are at stake. At first thought, the most logical solution would be to just pay the money and move on. But according to former investigator with the Australian High-Tech Crime Centre Nigel Phair, it’s hardly ever that easy. Once a company or an individual pays a ransom, the attackers usually demand even more money in an attempt to see how much cash they can get out of the victim.

It seems the only other option at this point is to hire an independent consultant to see if they can defeat the encryption. One would have to assume that the center didn’t have the data backed up anywhere else. Or as Wood suggests, don’t keep your backups connected to the server.

Permalink to story.

 
Yet another reason to have regular backups and keep some backup set offsite. What would happen if the office had any type of disaster (fire, flood, etc)?
 
Is there not a guy with a twenty-five GPU walking around practically bragging that he can do this in a day or so.

Outsourcing, dammit...
 
What about the physical copies of the records? I know everytime Ive gone to see a doctor they pull out a manilla folder filled with paperwork. Also there has to be someway to bust these *******es. Someway to make these dipsticks pay for thier crime. And yes lets be harsh with the ppl involved in this. Better to nip this particular trend in the bud before it gains any sort of momentum. Or else these type of attacks are going to be common place.
 
.. Better to nip this particular trend in the bud before it gains any sort of momentum. Or else these type of attacks are going to be common place.

How is this any different from a crime stealing physical assets? People just need to realise that computers aren't magic and can be stolen (physically and virtually).

This kind of stuff is a walk in the park. I can go to any retail store, walk past their POS computer and encrypt random things. But I don't - just like how I don't shoplift.
 
I can't believe they don't have any sort of backup system. I mean, every server we install we make our clients put in a fresh lto tape every night to dump the entire system. Then if a server crashes or something like this were to happen, just read in the latest tape. Maybe lose a day or two of work, but it's better than this is by far. I hate to say it because I don't want to see the sick people suffer, but this office deserved it. People as smart as doctors should know the value of multiple copies of data.
 
Back