Russian hackers are holding a Gold Coast medical centre to ransom after encrypting thousands of patient health records.
The hackers are demanding a ransom of $4,000 to decrypt the sensitive information held on a server at the Miami Family Medical Centre.
IT security expert Nigel Phair says this latest attack is a “wake-up call” with businesses around Australia hacked five to 10 times a week.
“Cyber criminals based mainly throughout Eastern Europe look for rich targets, places with identifying information to extort,” said Mr Phair, the director of the Centre for Internet Safety and a former investigator with the Australian High-Tech Crime Centre.
Mr Phair says health professions that store valuable information are the biggest target for small-to-medium hacking operations that collect credit card details.
David Wood, co-owner of the Miami Family Medical Centre, says they thought they had a good system in place.
“We’ve got all the antivirus stuff in place – there’s no sign of a virus. They literally got in, hijacked the server and then ran their encryption software,” he said.
“It’s people who know how to break in past firewalls and hack passwords to get onto the server.”
He has reassured patients that the data has not been stolen.
“It’s secure in the sense that no-one’s taken any of it,” he said.
“We’re trying to work out how to pay the hackers or find someone to decrypt the information.”
‘Only option is to pay’
The server with encrypted information is being held offline and an IT contractor is working with the practice to restore a backup of patient records.
Mr Phair says the information may be lost permanently.
“At this point, most probably, their only option is to pay,” he said.
“Though that’s not the best option because as we know from extortion that once you pay they’ll follow that up.”
“They might follow it up saying they want another payment or partially decrypt some of the information.”
Mr Phair says the hackers are not easy to trace and international police investigations are difficult, reducing the chance of retrieving information without paying a ransom.
“It’s not impossible, just time intensive,” Mr Phair said.
“The hackers will hide their traces and their steps really well – they could be based anywhere in the European continent.
“In a lot of those places law enforcement isn’t that strong and so it’s difficult to get cooperation with [local] police.”
The seemingly low ransom price is a strategy of the hackers to increase their chances of collecting.
“It’s similar to traditional fraud in that you keep the value low and the volume high, so you can get $4,000,” Mr Phair said.
The Miami Family Medical Centre will continue to operate, even though Mr Wood admits it is “very, very, very difficult” without patient records.
“What medication you’re on can be retrieved from the pharmacists [and] pathology results can be gotten back from pathology,” he said.
Mr Wood warns other businesses to “check your IT security and don’t leave backups connected to servers”.