By Elise Thomas
Updated
Are you worried about your medical records falling into the wrong hands?
For 15,000 patients of the cardiology unit at Cabrini Hospital in Melbourne, that worrying scenario may have just become a reality after a ransomware attack saw their medical files hacked and scrambled.
It’s unclear whether the hospital has paid a ransom to the attackers, but weeks later many of the files have not been recovered.
What’s in those files? Only some of the most lucrative information for those who might want to pursue identity theft.
The ransomware attack shows just how vulnerable our health institutions can be, in a month where opt-outs of the My Health Record scheme ticked over to 2.5 million Australians.
How can hackers steal my records?
Using a type of malware known as ransomware, hackers can break into hospital networks and then (usually) deploy one of two basic kinds of attack — lockers or encryptors.
Lockers lock users out of their system, while encryptors (which, based on the limited public information available, sound like the type of ransomware used in this attack) encrypt crucial files.
Hackers then demand a ransom to restore the files.
Payment is often demanded in cryptocurrencies like Monero or ZCash to make it harder to trace.
Nearly half of reported ransomware attacks are on healthcare institutions, which are in many ways ideal targets for this kind of extortion.
They combine digital networks which are, for many reasons, both complex and difficult to secure, with highly sensitive personal data and the obviously crucial needs of doctors and medical staff to access patient files.
The combination of the sensitivity of the data and the urgent need for access makes hospitals more likely than other organisations to simply pay up rather than trying to fight back.
Even when they do pay up, there is no guarantee that the data will be fully restored.
My Health Record an extremely tempting target
Reports in The Age suggest some of the patients from Cabrini Hospital’s files remain inaccessible weeks on from the hack.
There is also no guarantee that hackers committing a ransomware attack will not take the opportunity to copy and steal sensitive personal data.
The huge reservoirs of personal health data held by hospitals and medical institutions are highly lucrative to criminals able to sell them on the dark web.
Similar concerns hang over online databases of health records, such as the controversial My Health Record.
While the Government says the system is highly secure, experts have repeatedly warned of the risk of creating a massive centralised database of patient records.
The My Health Record database will be an enormously tempting target for cybercriminals, not just now but for years, if not decades, to come.
The digital nature of the systems also allows criminals to reach out and target victims almost anywhere in the world, pitting hospital systems administrators in Albury-Wodonga or Alice Springs against criminal or even state-backed hackers in North Korea or Iran.
Identifying who is behind a ransomware attack can be extremely difficult, and it’s important to avoid the temptation to jump to conclusions.
The malware used in this attack is believed to be linked to North Korea or Russia, according to The Age, but that doesn’t necessarily mean the hackers using it are North Korean or Russian.
Ransomware tools are available for purchase “off the shelf”. This practice, known as ransomware-as-a-service, is increasingly common, actually pretty cheap, and means that even relatively low-skilled cybercriminals can buy and operate sophisticated malware.
Even in the unlikely case that the perpetrators behind a ransomware attack are identified, the likelihood of them being held to account for the crimes is extremely low.
Although some jurisdictions around the world are beginning to pass laws specifically criminalising the use of ransomware, investigations into ransomware cases are often highly complex and demand international coordination between multiple law enforcement agencies.
While we have seen a handful of successful ransomware investigations, such as the break-up of a Romanian ransomware gang in 2017, these remain very much the exception rather than the rule.
How can we stay safe?
The number one thing that hospitals and medical institutions can do is ensure they back up their data, including offline backups which are regularly updated.
This may not prevent them from becoming victims to a ransomware attack — strong cybersecurity practices, consistent investment in IT security and a healthy dose of luck are the only way to do that — but it will greatly reduce the impact on critical functions, most importantly the ability of doctors to care for their patients.
Elise Thomas is a researcher with the International Cyber Policy Centre at the Australian Strategic Policy Institute.
Topics:
doctors-and-medical-professionals,
vic,
korea-democratic-peoples-republic-of,
First posted
from Trend Gossip Now https://ift.tt/2IsdAvq
0 Comments