Are you worried about your medical records falling into the wrong hands?
For patients at the cardiology private practice Melbourne Heart Group, that scenario may have just become a reality after a ransomware attack saw their medical files hacked and scrambled.
It’s unclear whether the private practice has paid a ransom to the attackers, but weeks later many of the files have not been recovered.
What’s in those files? Only some of the most lucrative information for those who might want to pursue identity theft.
The ransomware attack shows just how vulnerable our health institutions can be, in a month where opt-outs of the My Health Record scheme ticked over to 2.5 million Australians.
In a ransomware attack, hackers break into medical institutions’ networks and then (usually) deploy one of two basic kinds of malware: lockers or encryptors.
Lockers lock users out of their system, while encryptors (which, based on the limited public information available, sound like the type of ransomware used in this attack) encrypt crucial files.
Hackers then demand a ransom to restore the files.
Payment is often demanded in cryptocurrencies like Monero or ZCash to make the transaction harder to trace.
Nearly half of reported ransomware attacks are on healthcare institutions, which are in many ways ideal targets for this kind of extortion.
They combine digital networks which are, for many reasons, both complex and difficult to secure, with highly sensitive personal data and the obviously crucial needs of doctors and medical staff to access patient files.
The combination of the sensitivity of the data and the urgent need for access makes healthcare providers more likely than other organisations to simply pay up rather than trying to fight back.
Even when they do pay up, there is no guarantee that the data will be fully restored.
Reports in The Age suggest some of the Melbourne Heart Group patients’ files remain inaccessible weeks on from the hack.
There is also no guarantee that hackers committing a ransomware attack will not take the opportunity to copy and steal sensitive personal data.
Source: ABC News