Hackers hold patient medical records for ransom, demand $4,200

By on December 12, 2012, 8:30 AM

A group of hackers broke into the Miami Family Medical Centre in Australia and are now holding all of their patient’s medical records for ransom. The hackers didn’t physically take or delete the files but they have encrypted them and are demanding a sum of 4,000 Australian dollars, or roughly $4,196 in exchange for the key.

Without the necessary decryption key, the data is essentially useless to the medical staff. It goes without saying that it would be next to impossible to carry on day-to-day operations at the medical facility without access to patient records.

Miami Family Medical Centre co-owner David Wood said the computers containing the records had the latest antivirus updates and that there is no sign of a virus. He said the attackers literally got in, hijacked the server and executed the code to encrypt the medical files.

$4,200 may not sound like a huge ransom, especially if people’s medical files are at stake. At first thought, the most logical solution would be to just pay the money and move on. But according to former investigator with the Australian High-Tech Crime Centre Nigel Phair, it’s hardly ever that easy. Once a company or an individual pays a ransom, the attackers usually demand even more money in an attempt to see how much cash they can get out of the victim.

It seems the only other option at this point is to hire an independent consultant to see if they can defeat the encryption. One would have to assume that the center didn’t have the data backed up anywhere else. Or as Wood suggests, don’t keep your backups connected to the server.

User Comments: 9

Got something to say? Post a comment
Guest said:

Yet another reason to have regular backups and keep some backup set offsite. What would happen if the office had any type of disaster (fire, flood, etc)?

PinothyJ said:

Is there not a guy with a twenty-five GPU walking around practically bragging that he can do this in a day or so.

Outsourcing, dammit...

Guest said:

Its better to pay for a 128 GPU RAID and thats it. be happy

Tygerstrike said:

What about the physical copies of the records? I know everytime Ive gone to see a doctor they pull out a manilla folder filled with paperwork. Also there has to be someway to bust these jackasses. Someway to make these dipsticks pay for thier crime. And yes lets be harsh with the ppl involved in this. Better to nip this particular trend in the bud before it gains any sort of momentum. Or else these type of attacks are going to be common place.

St1ckM4n St1ckM4n said:

.. Better to nip this particular trend in the bud before it gains any sort of momentum. Or else these type of attacks are going to be common place.

How is this any different from a crime stealing physical assets? People just need to realise that computers aren't magic and can be stolen (physically and virtually).

This kind of stuff is a walk in the park. I can go to any retail store, walk past their POS computer and encrypt random things. But I don't - just like how I don't shoplift.

crazyboots crazyboots said:

It's called a firewall people have to have hardware and software firewall people protect your network

crazyboots crazyboots said:

Another thing would be to have a backup of the files

crazyboots crazyboots said:

System admin's ahh get this little step there called windows security updates

Zilpha Zilpha said:

I can't believe they don't have any sort of backup system. I mean, every server we install we make our clients put in a fresh lto tape every night to dump the entire system. Then if a server crashes or something like this were to happen, just read in the latest tape. Maybe lose a day or two of work, but it's better than this is by far. I hate to say it because I don't want to see the sick people suffer, but this office deserved it. People as smart as doctors should know the value of multiple copies of data.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.