An Australian medical centre is being held to ransom by hackers who are demanding $4,000 to decrypt sensitive information held on a server.
David Wood, co-owner of the Miami Family Medical Centre, said that it despite having anti-virus in place, the attackers 'literally got in, hijacked the server and then ran their encryption software'. He said: “It's people who know how to break in past firewalls and hack passwords to get onto the server. It's secure in the sense that no-one's taken any of it. We're trying to work out how to pay the hackers or find someone to decrypt the information."
Wood said that the medical centre will continue to operate, even though he admitted that it is 'very, very, very difficult' without patient records.
Last week, Sophos director of technology strategy James Lyne predicted that ransomware infections will increase in 2013 with a massive increase in the quality of implementation. Recent statistics released by the Irish reporting and information security service (Iriss) and computer emergency readiness team (Cert) said that there had been an issue of ransomware, with six separate incidents targeting Irish businesses reported.
Mark James, technical team leader at ESET UK, said: “If a server is directly accessible from the internet, it's only a matter of time before it became susceptible to a hack, and any establishment that holds user records or data should be conscious of this.
“As ever, good backups and multi layered security will help, but data as important as health records should be backed up regularly and stored offsite in a secure location – any organisation holding such sensitive information and not taking these precautions is acting irresponsibly.”