Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Ransom hackers encrypt medical centre's entire database

Attackers demand £2,600 to release data

Article comments

An Australian medical centre is reported to be considering paying a ransom demand of $4,000 AUD (£2,600) after blackmailers broke into the organisation’s servers and encrypted its entire patient database.

According to ABC News, Miami Family Medical Centre on the country’s Gold Coast had called in a third-party contractor to try and restore the data from backups but it remained unclear whether this would prove sufficient to return the database to its previous state.

"We're trying to work out how to pay the hackers or find someone to decrypt the information," said centre co-owner David Wood.

The centre was continuing to receive patients but Wood admitted this was proving "very, very, very difficult" without patient records.

"What medication you're on can be retrieved from the pharmacists [and] pathology results can be gotten back from pathology," he told ABC News.

According to Wood, the attackers had accessed the database directly rather than using a remote Trojan.

"We've got all the antivirus stuff in place - there's no sign of a virus. They literally got in, hijacked the server and then ran their encryption software," he said.

"It's people who know how to break in past firewalls and hack passwords to get onto the server." No data had been compromised, Wood claimed.

The attack is not the first to affect medical centres in the country. Barely three months ago, dozens of business were reportedly hit by ransom malware and hijacking, including at least one other small medical businesses.

Not coincidentally, earlier this month US backup firm NovaStor reported an suspiciously similar attack on an unnamed US medical practice around Halloween that encrypted critical data including x-rays.

The business was able to beat the blackmailers thanks to NovaStor’s backup system which is probably the only reason the world got to hear about this near-disaster.

That is the obvious Achilles heel of ransom industry – cloud or offline backup. Any business or individual mirror data to a separate system that can’t itself be hacked should be able to defend itself against ransom attacks.

The wider phenomenon of data ransoming is overwhelmingly that of Trojans infecting individual PCs in order to encrypt consumers’ private data, but the latest Australian attack could be an example of a separate trend to target and attack specific types of business.

The criminals appear to favour targeting smaller businesses likely to be heavy with valuable data but lack the resources to back it up as comprehensively as might a larger organisation.

The culprits for the Miami Family Medical Centre are believed to be Russian, which fits with Trend Micro report from 2012 that suggested the core of the ransom industry could be a single gang.

A Symantec report analysed the boom in such attacks during the last year, suggesting that in the consumer space as many as three percent of victims probably paid up. That statistic was making the tactic hugely profitable, the company said.



Share:

More from Techworld

More relevant IT news

Comments

dj said: Full old fashioned backups everyday with verify using different media with at least a weeks worth available If the software or database has its own backup procedure run that first to another partition amp then backup the lot to external removable media Partial changed backups live backups etc are all good but nothing beats a full complete backup capable of bare metal restore You may loose a little more data but you come back to a full working system at a set point in time

chris said: Pay the ransomAndHope they decrypt the databaseThe chance of some outside source being able to decrypt the information is pretty much nil To many different algorithms not even counting the password they would have to brute force They might could figure out the algorithm because of certain semantics In the end I see some firm going in and charging this hospital ungodly amounts of money Then to hear them say Ummm we cant decrypt itBeing in the IT business myself I see half backed backups all the time or even worse none People and businesses worry about anti-virus software They should be worrying about what type of backup solution and infrastructure they have setupHere is the best way to determine if you have a good solution Hypothetically if your computerserver were to sprout legs and walk out the door Would you be able to go on and continue business How long would it take you to recover if you could Do you know If you dont you seriously should have a professional come in and figure out some type of solution for your business Yes it is going to cost you a good bit of money It will probably even cost you monthly How would you feel though if you could no longer put food on your familys table This is very serious Viruses are no fun and can steal valuable information What happens if you dont even have access to your own information anymore Good backups are better than anti-virus software ever will be

Mike_Acker said: One Day the industry mavens will wake up and read Geekonomics the real cost of insecure software by David Rice and decide enough already a User Group similar to the old IBMShare will be needed to work with software builders and lawmakers to straighten up the software mess we have on our hands some software will need to be discarded as un-suitable



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *