also @ TechSpot: Razer brings the arcade experience home with the Atrox Arcade Stick

Hackers hold patient medical records for ransom, demand $4,200

By

On December 12, 2012, 8:30 AM

hacking, patient records, rans

A group of hackers broke into the Miami Family Medical Centre in Australia and are now holding all of their patient’s medical records for ransom. The hackers didn’t physically take or delete the files but they have encrypted them and are demanding a sum of 4,000 Australian dollars, or roughly $4,196 in exchange for the key.

Without the necessary decryption key, the data is essentially useless to the medical staff. It goes without saying that it would be next to impossible to carry on day-to-day operations at the medical facility without access to patient records.

Miami Family Medical Centre co-owner David Wood said the computers containing the records had the latest antivirus updates and that there is no sign of a virus. He said the attackers literally got in, hijacked the server and executed the code to encrypt the medical files.

$4,200 may not sound like a huge ransom, especially if people’s medical files are at stake. At first thought, the most logical solution would be to just pay the money and move on. But according to former investigator with the Australian High-Tech Crime Centre Nigel Phair, it’s hardly ever that easy. Once a company or an individual pays a ransom, the attackers usually demand even more money in an attempt to see how much cash they can get out of the victim.

It seems the only other option at this point is to hire an independent consultant to see if they can defeat the encryption. One would have to assume that the center didn’t have the data backed up anywhere else. Or as Wood suggests, don’t keep your backups connected to the server.

, ,

9 comments

User Comments: 9

Got something to say? Post a comment
  1. December 12, 2012 8:48 AM
    Guest said:

    Yet another reason to have regular backups and keep some backup set offsite. What would happen if the office had any type of disaster (fire, flood, etc)?

    Reply
  2. December 12, 2012 8:55 AM
    PinothyJ said:

    Is there not a guy with a twenty-five GPU walking around practically bragging that he can do this in a day or so.

    Outsourcing, dammit...

    Reply
  3. December 12, 2012 10:03 AM
    Guest said:

    Its better to pay for a 128 GPU RAID and thats it. be happy

    Reply
  4. December 12, 2012 10:28 AM
    Tygerstrike said:

    What about the physical copies of the records? I know everytime Ive gone to see a doctor they pull out a manilla folder filled with paperwork. Also there has to be someway to bust these jackasses. Someway to make these dipsticks pay for thier crime. And yes lets be harsh with the ppl involved in this. Better to nip this particular trend in the bud before it gains any sort of momentum. Or else these type of attacks are going to be common place.

    Reply
  5. December 12, 2012 7:12 PM
    St1ckM4n
    St1ckM4n said:

    .. Better to nip this particular trend in the bud before it gains any sort of momentum. Or else these type of attacks are going to be common place.

    How is this any different from a crime stealing physical assets? People just need to realise that computers aren't magic and can be stolen (physically and virtually).

    This kind of stuff is a walk in the park. I can go to any retail store, walk past their POS computer and encrypt random things. But I don't - just like how I don't shoplift.

    Reply
  6. December 13, 2012 6:17 AM
    crazyboots
    crazyboots said:

    It's called a firewall people have to have hardware and software firewall people protect your network

    Reply
  7. December 13, 2012 6:18 AM
    crazyboots
    crazyboots said:

    Another thing would be to have a backup of the files

    Reply
  8. December 13, 2012 6:21 AM
    crazyboots
    crazyboots said:

    System admin's ahh get this little step there called windows security updates

    Reply
  9. December 13, 2012 9:39 AM
    Zilpha
    Zilpha said:

    I can't believe they don't have any sort of backup system. I mean, every server we install we make our clients put in a fresh lto tape every night to dump the entire system. Then if a server crashes or something like this were to happen, just read in the latest tape. Maybe lose a day or two of work, but it's better than this is by far. I hate to say it because I don't want to see the sick people suffer, but this office deserved it. People as smart as doctors should know the value of multiple copies of data.

    Reply

Recently commented stories

Post a new comment

Social Login & Guest Posting TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.
TechSpot on:

Most Popular

Trending Featured
More Trending Topics

Featured on Routers

Downloads and Drivers

Downloads   Drivers  

J. River Media Center 18.0.187

ComicRack 0.9.169

Ashampoo UnInstaller 5.03

Files Terminator Free 2.5.0.11

Advanced Host Monitor 9.50

More Downloads

Latest Discussion

Bios update help 10 replies on Processors and Motherboards

What game first got you hooked on gaming? 169 replies on Gaming

Windows update completely stopped working, unknown error 8024402C 6 replies on Windows OS

Bitdefender 5 replies on Software Apps

Unacceptably high disk usage/performance lag Windows 8 43 replies on Windows OS

More Recent Discussion

Subscribe to TechSpot

Get free exclusive content, learn about new features and breaking tech news.