Ransomware encrypts 15 000 patient records in Australian hospital

The cardiology unit at Cabrini Hospital in Malvern experienced a ransomware attack that ended in encrypted and compromised patient files

Unknown ransomware encrypted the records of 15 000 patients of an Australian hospital. Hackers behind the attack demanded a ransom payment for the decryption tool

Medical records of 15 000 patients at Cabrini Hospital in Malvern, Australia, were compromised by ransomware that infiltrated the system at the end of January.[1] The threat actors behind the attack demanded a ransom payment in digital currency in exchange for restoring access to patients' data. Access was disabled for more than three weeks, according to the report.[2]

The Melbourne Heart Group officially announced the data breach[3] in a post that reads:

25 February, 2019

Melbourne Heart Group wishes to advise all our patients that the cybersecurity incident we experienced in late January has been resolved. The data has been decrypted and our systems have been restored. Once again we would like to emphasise that patients’ privacy has not been compromised or breached. No information left our computer system – it was encrypted so that no one could see it, even ourselves. We would like to thank all our patients for their understanding over this period.

Some sources believe that the ransom was paid, although the hospital representatives themselves have not confirmed this. Also, for a certain period of time, it was believed that the data had been accessed by hackers and that patients were exposed to the possibility of identity theft. At the time, some patients were informed about the incident and told that their files had been lost, but no further explanation was provided to them. Additionally, medical staff could not access the appointment schedule, and patients still showed up.

It is still unclear who exactly is behind this attack; however, research showed that the malware could be related to Russian or North Korean hackers.

The attack became the subject of an investigation

The data breach that affected the files of about 15 000 patients from the cardiology unit at Cabrini Hospital became the subject of a joint investigation by security agencies, including Commonwealth agencies. The malware attack crippled the server of Melbourne Heart Group, which is based at the hospital in Malvern, and kept staff members from accessing patient records for weeks.

The Australian Cyber Security Centre assisted the hospital with advice on cybersecurity and further actions. The Australian Federal Police and the Australian Signals Directorate, other government agencies responsible for information security, were also informed.

The spokeswoman for Melbourne Heart Group stated that they are working with various government institutions to resolve the issue and maintained that privacy was not compromised:

The protection of personal patient information is of the utmost importance … patient privacy has not been compromised in this instance.

Various malware incidents change the perception of cybersecurity

It is believed that somebody from the hospital staff opened a malicious link or an attachment inside a phishing email on a network computer.[4] Once the device had been infected, breaching the rest of the network was the easier part: it let the malware propagate and encrypt files located on other devices.

It is fairly easy to protect against these attacks, but organizations need to update their security software and patch system flaws regularly, so that hackers have no opportunity to exploit vulnerabilities.

Unfortunately, the healthcare sector was repeatedly affected by similar incidents in the past. Probably one of the most notorious instances occurred back in March 2017, when the infamous WannaCry ransomware encrypted around 70,000 NHS hospital devices in the UK.

Another publicized case happened last year when SamSam encrypted the data of LabCorp, one of the most prominent medical testing laboratories, and forced the company to shut down temporarily.[5]

Incidents like these affect the perception of cybersecurity and draw attention to the importance of taking precautionary measures. Companies and organizations start to take these issues more seriously and employ IT experts to help them fix security vulnerabilities that can compromise patients' security and cost thousands of dollars to recover from.

About the author
Ugnius Kiguolis

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.
