GP clinic hacked by cyber criminals
A Queensland medical centre hacked by cyber criminals is open for business, but is still considering paying $4,000 to the hackers to decrypt thousands of medical records.
GPs at the Miami Family Medical Centre on the Gold Coast discovered their server had been hacked when they arrived for work last Saturday, with all 15,000 patient records encrypted and inaccessible.
Staff had to revert to using old fashioned appointment books and hand written notes to ensure patient care was not disrupted.
The practice's computer system is now back up and running, and IT experts are looking at ways to decrypt the hacked information.
However David Wood, co-owner of the clinic, says he is in email correspondence with the hackers and may still pay the ransom if vital information cannot be recovered.
"Paying them is not that easy, it's very complicated to stop tracing efforts. It is the cyber equivalent of leaving cash in an envelope on a park bench. We have had to verify that they are the people who hacked in."
Mr Wood, who's wife is a GP at the practice, said the key message for other GPs was to check their IT systems were as secure as possible and to test all back up systems.
"We were well set up for everything and we were hacked. But they are out there probing systems all the time."
"GPs need to get an IT company in to check their vulnerability and to test back ups off-site - we all think our back ups are OK but if they have not been tested then you have no idea."
There have been 11 similar offences in Queensland this year, according to police.
"In essence an offender, believed to be from Russia, exploits security weaknesses in business computer systems and enters the systems through that weakness and encrypts the system," Queensland police said in a statement.
IT security expert Ty Miller warned cyber extortion is on the rise, with hackers accessing systems via weaknesses in installed programs such as Flash and Adobe Reader.
The chief technology officer at IT security company Pure Hacking, Mr Miller said a digital forensic investigation should be performed on the medical centre's system.
He said companies can avoid falling victim to cyber extortion by updating their anti-virus software and running the latest versions of programs.