Bloomberg News

Hackers Hold Australian Medical Center's Records for Ransom

December 10, 2012

Hackers Hold Australian Medical Center’s Records for Ransom

An Australian medical center is fighting hackers who have encrypted patient records and demanded ransom. Photographer: Gunter Ziesler

An Australian medical center is facing the possibility that its patients' electronic medical records may be locked away forever after hackers broke into its computer system and encrypted the files.

The hackers who captured the Miami Family Medical Centre's data demanded A$4,000 ($4,196) to decrypt the information, David Wood, co-owner of the facility, told Australia's ABC News, according to this report. They got past what Wood considered good computer-security measures, he said.  The facility is now left with the "very, very, very difficult" task of operating without patient records until the hackers are paid or independent consultants can defeat the encryption on their own, he added.

"We've got all the antivirus stuff in place," Wood told ABC News. "There's no sign of a virus. They literally got in, hijacked the server and then ran their encryption software."

The center did not immediately respond to an e-mail from Bloomberg News.

The information may be gone for good, as extortionists often follow one ransom demand with another and may never unlock the data, Nigel Phair, a former investigator with the Australian High-Tech Crime Centre, told ABC News.

The case shows how the digitization of medical records can be a danger to patients. I reported in August on a similar breach affecting a medical center in an affluent Illinois suburb whose records were also hacked and held for ransom. The facility, the Surgeons of Lake County, has declined to comment on the investigation or on whether the data were backed up.

Incidents like those are likely to become more common as medical providers make the shift to digital records, and as health care providers swap those files over "health information exchanges," clearinghouses for medical data that are already the target of complaints.

The technologies promise to improve patient care, but they also introduce the risk of criminals stealing health data for profit. Health information can be sold on the black market and used for identity theft, a growing problem that some victims battle for decades.

Wood, of the Australian medical center, has learned a valuable lesson about data security: "Check your IT security and don't leave backups connected to servers."

China's Killer Profits
blog comments powered by Disqus