Cyber attackers seize, encrypt and ransom medical centre’s patient database

Australian money, courtesy of ShutterstockCyber attackers have breached an Australian medical centre’s patient database, encrypted it, and are demanding $4,000 AUD to release thousands of patient records – a sum the medical centre is trying hard not to pay.

The records were collected over seven years and stored on a server at the Miami Family Medical Centre in Queensland.

Law enforcement say that the attack originated in Russia or somewhere in Eastern Europe, but origins of such attacks are notoriously difficult to pinpoint.

The attack was a shock, according to the medical centre’s co-owner David Wood, given what they figured was a pretty good security system, as he told ABC News:

"They managed to get past firewalls. They managed to get past server passwords as well."

"We've got all the antivirus stuff in place. There's no sign of a virus. They literally got in, hijacked the server and then ran their encryption software."

Woods said that a staff member on duty Saturday morning came in to find the server screen locked up, displaying a message saying, basically, that the centre had been hacked.

Instead of paying the ransom, the medical centre is using a contractor to try to decrypt or rebuild the files.

But the IT expert they hired – Jason Fillmore, of Essential I.T. Services – told ABC News the prospects were grim, given the “very sophisticated”, “military-grade” encryption used by the intruders.

Queensland Police said in a statement that they’ve seen 11 similar cases of extortion in Queensland alone over the past year.

Nigel Phair, director of the Centre for Internet Safety and a former investigator with the Australian High-Tech Crime Centre, said that this latest attack is only the most recent in a string of hacking against Australian businesses.

Ransom note, original courtesy of ShutterstockHe told ABC News that they’re seeing five to 10 such attacks per week, mostly streaming out of Eastern Europe and looking for “rich targets” or “places with identifying information to extort”.

Such criminals are thereby also devilishly difficult to apprehend. Therefore, it’s unlikely that the attackers will be found or apprehended.

That shouldn’t dissuade people from reporting cybercrime, of course.

As Sophos’s Paul Ducklin said in ABC’s video coverage, even a small chance of catching the crooks is better than none at all:

"The chances are small that these people will be apprehended, but it is not zero. So it is worth reporting cybercrime, because if you don't say anything, then the one thing you can be sure of is that nothing's going to happen."

Ransomware is growing in prevalence, as evidenced by the string of recent attacks Naked Security has covered.

Small medical businesses are anything but immune.

Earlier in December, US backup firm NovaStor reported a similar attack on an unnamed US medical practice around Halloween that encrypted critical data, including x-rays.

As TechWorld points out, the healthcare provider’s saving grace in that incident was offline backup.

Backing up to the cloud or other separate, offline sources have their own security concerns, but at least they’re off the primary, targeted server and can help businesses quickly restore their records.

That, in fact, is exactly the advice that David Wood had to help others escape his health center’s fate.

He told ABC News that other businesses should “check your IT security and don’t leave backups connected to servers”.

Australian money and ransom note original images courtesy of Shutterstock