Not-for-profit hacked, held for ransom
A cybercrime syndicate targeted a not-for-profit in Victoria and stole the files of about 15,000 patients, demanding that the hospital pay a ransom to recover them.
Cabrini Hospital has been unable to access the files for more than three weeks after the criminals used malware to scramble the patient data. They have demanded that the not-for-profit make a cryptocurrency payment to decrypt the files.
Melbourne Heart Group, a specialist cardiology unit based at the private hospital, has been unable to recover the data, despite The Age reporting a payment being made.
A spokeswoman told The Age that there is no link between the encrypted files and any function relating to cardiac implantable electronic devices, including pacemakers.
“The protection of personal patient information is of the utmost importance….patient privacy has not been compromised in this instance,” the spokeswoman said.
The attack is the subject of a joint investigation by Commonwealth security agencies and the Australian Federal Police have also been briefed.
An Australian Cyber Security spokeswoman said it was alerted to the incident and it would provide assistance, but could not comment further.
It is unknown who the criminals behind the hacking are, but the malware is believed to have originated from North Korea or Russia.
Health Minister Jenny Mikakos said no public hospitals have been affected and that the government works closely with federal agencies to ensure that all public sector agencies are protected from further attacks.
“We’ve made significant investment over the past two years to upgrade our cyber security capability in our public hospital system. It is my expectation all private hospitals will put the systems in place to ensure patient privacy is safeguarded.”
Since the attack, Toyota Australia has confirmed they were also the targets of a crime syndicate but said that no private employee or customer data had been accessed. The Morrison government also revealed that federal parliament and major political parties’ security systems have been compromised in a state-wide attack.
Cabrini is an 832-bed Catholic hospital owned by the Missionary Sisters of the Sacred Heart of Jesus and operates on a not-for-profit basis.