Hardly a day seems to go by without another report of a cybercrime incident. With Medibank still fresh in mind, the latest attack has hit a Sydney-based cancer treatment facility, the Crown Princess Mary Cancer Center at Westmead Hospital.
The Medusa cybercriminal group claims to have stolen thousands of files and is holding them for ransom.
In what has become a common practice, the criminal gang appears to be using double extortion. In such scenarios, criminals typically charge a fee to “release” the data back to the organization – often with a “sample” made available to verify their claims.
The gangs then double down with threats to release the data through their websites if payment is not made — in this case, a seven-day deadline.
Medusa offers a range of options, from delaying the public release of the data by 24 hours (US$10,000) to downloading and/or deleting the data the gang holds (US$100,000).
It is currently unclear what will happen Friday morning if the ransom is not paid. However, the Medusa blog offers free access to data stolen from previous victims who did not pay the ransom within the stipulated time frame.
According to CyberCX, Medusa is the “second most active cyber extortion group in the Pacific”. Medusa has been trying to compromise organizations in Australia and New Zealand since early 2023.
Why focus on health services?
Any cyber attack on the health sector is dangerous. While some cybercriminals have previously avoided schools and healthcare institutions, it looks like these are now fair game.
Knowing that the services and data of these organizations are critical, it is not surprising that there are so many ransomware attacks against critical healthcare infrastructure.
Notable incidents recorded against Australian health systems include Medibank, Melbourne Heart Group and Oriental Health, which operates four hospitals in Melbourne’s east – an attack that resulted in elective surgeries having to be postponed.
Tech giant Microsoft reports that healthcare (and related industries) is one of the main targets for cybercriminals.
What are the consequences?
The healthcare industry deals with our most personal data – none of us want this data to fall into criminal hands. Apart from the privacy concerns, not being able to continue regular activities in a healthcare facility poses life-threatening risks.
Recent research showed that between 2016 and 2021, US healthcare providers experienced 374 ransomware attacks that exposed the private health information of nearly 42 million patients.
Nearly half of these ransomware attacks disrupted healthcare, resulting in electronic system outages, scheduled care cancellations and ambulance diversions.
Why do they keep happening?
Technical advances in the health industry have undoubtedly improved treatment and overall patient care. While this technological growth is positive for healthcare, it exposes healthcare systems to cybercriminals.
With each passing year there is more connectivity between clinical systems and medical devices. This makes the healthcare sector highly dependent on internet-connected systems, also known as digital health. This interconnectedness makes health systems more complex and harder to secure.
With the exception of state-sponsored groups, cybercriminals are primarily driven by financial gain. Healthcare is undoubtedly one of the most promising targets, as the organizations, if compromised, are more likely to pay the ransom – ultimately because lives are at stake.
Cybercriminals are responding to this and even with good governance and increased cybersecurity within the sector, these incidents are likely to continue.
Living with cybercriminals around us
So far, reports on the cancer center at Westmead have not indicated that operations have been significantly affected. This may mean that no computer equipment has been compromised and locked down – this can be considered positive.
However, those who examined the data samples published on the Medusa blog have suggested that the data appears to be real.
As former FBI Director Robert Mueller famously said:
There are only two kinds of companies: companies that have been hacked and companies that will be hacked.
Cybercrime has become a global industry, with estimates predicting its impact at more than $8 trillion by 2023. With such potentially lucrative rewards, we must accept that we will be sharing cyberspace with criminals in the near future.
There are, of course, actions that can improve our cybersecurity preparedness, regardless of industry. While nothing can completely eliminate the risk, making ourselves a less attractive target helps reduce the likelihood of being victimized. So it is important to:
- protect your systems: apply patches to all devices (including mobile phones); educate users to separate personal and business activities; use strong and unique passwords for all systems/services
- include all systems: don’t forget the internet of things and operational technology (all devices and software we use that connect to the internet); check the default settings (change any default passwords); and schedule the removal of old systems
- protect your data: data collected from all sources should be kept in appropriate locations; consider how long you keep data; and ensure that data is protected from creation to destruction
- protect your people: train all staff on basic cyber hygiene; vet new staff; and think about your off-boarding practices
- seek advice: if something goes wrong, call in the experts and liaise with law enforcement or other government agencies as needed.
And finally, don’t pay the ransom – it might be a tough decision, but it only encourages the criminals behind the ransomware campaigns to continue.