Hackers Hold Medical Data for Ransom
David Wood, the co-owner of the medical center, says no malware was used in the attack.
Hackers recently encrypted thousands of medical records at Australia's Miami Family Medical Centre, demanding a ransom of $4,000 to regain access to them.
"David Wood, co-owner of the Miami Family Medical Centre, says they thought they had a good system in place," writes ABC News' Sara Hicks. "'We've got all the antivirus stuff in place -- there's no sign of a virus. They literally got in, hijacked the server and then ran their encryption software,' he said. 'It's people who know how to break in past firewalls and hack passwords to get onto the server.'"
"The centre has called in an IT contractor to assess the situation and restore a backup of patient records," writes Help Net Security's Zeljka Zorz. "In the meantime, the server with the encrypted data has been taken offline. It is still unclear whether the backup data has been also encrypted, but a comment from Wood might be an indication that it has, as he warned other businesses to check their IT security and not to leave backups connected to servers."
"Chris Gatford, a security expert at HackLabs, said whilst paying a ransom should never be performed there could be little choice in this situation," writes The Sydney Morning Herald's Ben Grubb. "'It would cost more to have IT professionals look at it then compared to what the ransomers are after,' Gatford said. He added that firms dealing with patient's medical records 'should absolutely not' be storing them on Internet-connected systems."
"Another Australian business with poor security practices had records of 500,000 customer credit cards stolen in August," writes The Next Web's Joel Falconer. "Despite the country’s population spending more time online than many other countries, it seems businesses here are taking their time to understand the security threats that could affect them."