Thursday, 27 April 2017

‘Pay up or we destroy your patients’ health records’: Cyber criminals hit hospitals

Cyber criminals stealing health records and holding hospitals to ransom. Picture istock

CRIMINAL gangs are illegally accessing health records to steal people’s identity, a major new report on electronic data breaches reveals.

And cyber criminals have threatened to shut down busy hospitals by encrypting every patient’s electronic record so they can’t be accessed by doctors or nursing staff.

The cyberattacks create chaos when doctors can’t get hold of critical information in the middle of surgery and have brought every aspect of hospital operations to a halt.

Access to the medical records is only reinstated when the hospital agrees to pay a seven-figure ransom.

The scams have come to light after global technology and communication company Verizon released its latest global data breach report, which included Australia.

This report finds healthcare is now the only industry where employees are the main culprits in these types of data breaches.


Fifteen per cent of the 42,000 data breaches recorded last year involved healthcare organisations, the report shows.

Health care is the only industry where insiders are more likely to steal the data. Picture: Getty Images

The revelation of the data breaches comes as the Federal Government is preparing to automatically set up an electronic My Health record for every Australian unless individuals expressly take action to opt out of the system.

News Corp Australia revealed recently that only 147 out of one million Australians already automatically given a My Health record have set up a PIN number to protect their health information.

The Verizon report says it’s usually employees of doctors, hospitals or health clinics who illegally access personal health records.

They can sell the information to criminal gangs or use it to bribe people who may have embarrassing health conditions.

Sometimes they just want to share the health secrets of famous people with friends and family, such as the name or sex of a celebrity’s newborn, before it appears in the press.

They have also been caught spying on the health conditions of their own friends, the report reveals.

Aaron Sharp, a security solutions consultant at Verizon Enterprise Solutions, says health records are the perfect target for people who want to steal your identity because they list names and dates of birth and often reference the names of relatives.

“If you stole this information you could open a bank account using that name or access the bank accounts of the person whose identity you stole and steal their money,” says Mr Sharp.

“Often people who steal the information on-sell it to criminal gangs,” he says.

Chris Tappin, a forensics expert at Verizon, says he is aware of hospitals that have had their medical record systems shut down by hackers using ransomware.

“In some cases it encrypts all the documents and the hospital shuts down, everything from X-rays and test results to word documents are encrypted and can’t be accessed,” he says.

“In all the cases I’ve worked on bar one the companies have paid the ransom because it’s quicker to do that than reset the system,” he says.

Cyber attacks have threatened to bring hospitals to a halt unless ransom is paid. Picture istock


Verizon is urging health companies not to give in to the tactics and warns that paying the ransom will only encourage future attacks.

But Mr Tappin says companies are too concerned about the damage to their brand if the data breach becomes public so they pay up.

The report on global health breaches shows in the last year there were 458 data breach incidents in the global health sector and 296 involved confirmed data disclosure.

More than two thirds of those breaches involved an insider.

Two in three of the breaches were made for financial reasons, one in four were for fun and seven per cent were due to a grudge.

Medical information was stolen in seven out of ten cases and personal information in a third of cases.

The report finds that nearly 30 per cent of all healthcare breaches have no motive and are the result of misdelivery, disposal errors or lost assets.

They involve doctors losing laptops, X-rays accidentally ending up in landfills, and employees mistakenly giving one patient’s X-ray or test results to someone with a similar name.

The Australian Government recently introduced legislation that brings in tough new financial penalties for data breaches.

The new law makes it mandatory for all companies with a turnover of over $3 million to report data breaches to the Privacy Commissioner.

However, Verizon says many small medical practices would not be covered by these changes.
