In January, a private heart clinic located in Melbourne’s Cabrini hospital had 15 000 patients’ medical records locked in a ransomware attack that emanated from Russia or North Korea, 9News reports.
A cryptocurrency ransom to unlock the data was subsequently demanded.
The records were encrypted (digitally locked) in the attack, and a spokesperson for the clinic, Melbourne Heart Group, reportedly confirmed that affected patients’ medical records could not be accessed for several weeks:
“This means that our patients’ information became inaccessible to anyone, including ourselves.”
Nonetheless, said the spokesperson:
“We have been assured that no patient’s privacy has been compromised in any way.”
A spokesperson for the Australian Cyber Security Centre said she was aware of the attack and that the centre had furnished help and advice, but could comment no further while the matter was ongoing.
The Cabrini hospital itself has stated that it was unaffected by the hack. According to a spokesperson there:
“It doesn’t have any link to Cabrini in any way, Melbourne Heart Group is just a tenant of ours.”
Australian Health Minister Jenny Mikakos said that public hospitals have so far not succumbed to any ransomware hacks:
“We’ve made significant investment over the past two years to upgrade our cyber security capability in our public hospital system.”
While the particular ransomware deployed in the attack on Melbourne Heart Group was not disclosed in the 9News report, Forbes reported yesterday on the increasingly pervasive use of Ryuk ransomware to attack important public and enterprise data systems.
Ryuk has previously been mistakenly linked to North Korea, but according to Forbes, multiple researchers and cybersecurity firms, including CrowdStrike, FireEye, Kryptos Logic, and McAfee, now believe Ryuk is being deployed by “two or more prolific cybercriminal organizations, which appear to come from Russia or former satellite states.”
Russian-language text embedded in parts of the Ryuk software, together with the French expression “à la guerre comme à la guerre” (“in war as in war”), an expression reportedly “quoted several times by the Soviet revolutionary leader Vladimir Lenin,” may indicate Russian nationalist motives on the part of Ryuk deployers.
Ryuk came to public attention late last year when it was used to lock the systems of at least 13 American newspapers owned or formerly owned by Tribune Publishing.
The attack also reportedly resulted in publication delays for the West Coast editions of The Wall Street Journal and The New York Times.