[BreachExchange] Crime syndicate hacks 15,000 medical files at Cabrini Hospital, demands ransom

Destry Winant destry at riskbasedsecurity.com
Fri Feb 22 02:50:13 EST 2019


https://www.smh.com.au/national/victoria/crime-syndicate-hacks-15-000-medical-files-at-cabrini-hospital-demands-ransom-20190220-p50z3c.html?ref=rss

A cyber crime syndicate has hacked and scrambled the medical files of
about 15,000 patients from a specialist cardiology unit at Cabrini
Hospital and demanded a ransom.

The attack is now the subject of a joint investigation by Commonwealth
security agencies.

Melbourne Heart Group, which is based at the private hospital in
Malvern, has been unable to access some patient files for more than
three weeks, after the malware attack crippled its server and
corrupted data.

The malware used to penetrate the unit's security network is believed
to be from North Korea or Russia, while the origin of the criminals
behind the attack has not been revealed.

The online gang responsible for the data breach demanded a ransom be
paid in cryptocurrency before a password would be provided to break
the encryption.

The Age understands that a payment was made, but some of the scrambled
files have not been recovered, among them patients' personal details
and sensitive medical records that could be used for identity theft.

Some patients were told that their files had been lost but were not
given any explanation. Others have turned up for appointments for
which the hospital had no record.

The Australian Cyber Security Centre, which is part of the Australian
Signals Directorate – the government agency responsible for
Australia's cyber warfare and information security – said it was
assisting the hospital with cyber security advice.

The Australian Federal Police has also been briefed.

A Melbourne Heart Group spokeswoman said it was working with
government agencies to resolve the issue.

"The protection of personal patient information is of the utmost
importance ... patient privacy has not been compromised in this
instance," the spokeswoman said.

She also stressed there was no link between the encrypted data and any
function relating to cardiac implantable electrical devices, such as
pacemakers and defibrillators.

The spokeswoman would not say how many files had been affected or
whether a ransom had been paid.

The latest hack is expected to fuel calls for the federal government
to reinforce the nation's cyber defences, particularly email security.

This week, the Morrison government conceded federal parliament and
major political parties' security systems had been compromised by what
was believed to be a state-based cyber attack.

Professor Matt Warren, deputy director of Deakin University’s Centre
for Cyber Security Research, said the data breach at Melbourne Heart
Group was most likely a “ransomware” attack.

Someone, probably a staff member, using the hospital’s software could
have inadvertently opened a corrupted link on a phishing email
allowing ransomware, a form of malware, into the hospital’s system,
Professor Warren said.

From there, the attackers encrypt sensitive information from hospital
servers, essentially locking it away from access by medical staff.

“Then they say to the hospital ‘you must pay us to get your data
back’,” Professor Warren said.

“It’s sophisticated in that you have to get the malware onto the
hospital system, but once you have done that then it is relatively
easy.

“Other than the cost it isn’t hard to be protected from this …
organisations need to update and patch their security and systems
regularly because the problem you have is the hackers' capabilities
are becoming more sophisticated.”

These types of breaches stem from the worldwide “WannaCry” ransomware
attack in May 2017.

One of the largest hit by this attack was Britain’s National Health
Service, where it was estimated up to 70,000 hospital devices in
England and Scotland were impacted.

Non-critical emergencies and some ambulances were turned away from
hospitals hit by the attack, operations were cancelled and accident
and emergency centres were closed.

The healthcare sector has become a preferred target for many online
criminals after the Hollywood Presbyterian Hospital in Los Angeles
revealed it paid $17,000 in bitcoin to hackers who had seized control
of its computer network.

And the massive hack of US health insurance giant Anthem in 2015 –
when the personal information of more than 79 million Americans was
exposed – further identified the sector's vulnerability to data
breaches and potential for identity theft.

