Thousands of patients have had their personal files encrypted by hackers after a Melbourne heart hospital was hit by ransomware.
Melbourne Heart Group, which runs the specialist cardiology unit at the city’s private Cabrini hospital, has reportedly been unable to access the 15,000 scrambled files for three weeks following the attack.
This has led to issues such as patients turning up to appointments for which the hospital has no record.
The hospital reportedly paid the cyber-criminals but, as is often the case, failed to regain access to the affected files.
It is now working with the authorities to resolve the issue, according to The Age.
Healthcare organizations (HCOs) are a popular target for ransomware authors as they are often under-resourced in terms of cybersecurity, whilst running patient-critical systems which could make them more likely to pay up.
In November 2018, two Iranians were indicted by the US authorities for their part in an ongoing campaign of attacks using the SamSam variant.
Many of the 200 organizations hit were in the healthcare sector, including the Hollywood Presbyterian Medical Center, MedStar Health, and the Kansas Heart Hospital.
They are said to have made $6m from the attacks over the past three years, causing over $30m in losses to the affected organizations.
Although reports have suggested ransomware numbers are on the wane as cyber-criminals look for easier returns via crypto-mining malware campaigns, it still represents a major enterprise security threat.
CrowdStrike warned in a new report this week that cyber-criminals are increasingly using “big game hunting” techniques which involve highly targeted attacks using “well-tested reconnaissance, delivery and lateral movement TTPs.”
A new report from McAfee and Coveware warned of a spike in attacks using the Ryuk ransomware over the past 90 days.
“In a world where cyber-criminals are forced to constantly adapt and seek new weaknesses in systems to turn into profits, we have been observing that ransomware is once again on the rise,” said McAfee head of cyber investigations, John Fokker.
“This is a prospect that is especially worrying given the rise of synergistic threats, where malware is written to include various malicious components with the intention of blurring the vision of the primary objective – just as a smokescreen would. As ransomware threats evolve, our advice for victims is simple: always seek professional advice when you are faced with a targeted ransomware attack such as Ryuk.”