Hackers Hold Medical Records Hostage

Dennis Faas's picture

A group of hackers has gained access to an Australian medical center's electronic patient records. Until they receive a cash payout, the hackers say they won't relinquish control of the information.

It's relatively common for hackers to access sensitive data and then threaten to expose it unless a victim pays up.

There have been several cases where scammers have remotely installed viruses on computers, then threatened to wipe the hard drive of all its stored data unless they receive hefty payments.

But this case, involving the Miami Family Medical Center (MFMC), is different.

Rather than simply decrypting victims' files and accessing the confidential data on their own machines, this time the hackers have actually re-encrypted the files stored on the medical center's computers.

Staff Can't Access Medical Records

As a result, staff at the MFMC are, for the moment, unable to access the center's data. Obviously, that makes providing safe and effective medical treatment much more difficult.

In fact, MFMC staff may have to contact patients' local pharmacists to work out exactly what drugs they have been taking before being admitted to the center.

The hackers have demanded A$4,000 (equivalent to around US$4,196) to remove their encryption and let MFMC staff regain full access to the center's files.

Some security experts have suggested that, given the relatively small extortion demand and the importance of quickly regaining access to these medical files, it may be wise for MFMC simply to pay up.

Paying Up May Not Be Enough

However, a former cybersecurity investigator says that meeting the hackers' extortion demands will most likely result in repeated demands for more money.

He says it would be better for the center to put its resources into hiring independent "codecrackers" to decrypt the files, and regain access to the data that way. (Source: net.au)

Thankfully, there's nothing to suggest the hackers have been able to read any of the medical records.

It seems likely they simply added another layer of encryption to the already-encrypted files, a little like installing an extra lock on an already locked safe deposit box and demanding money to remove it. (Source: bloomberg.com)
