Privacy & Security
Azure Sentinel and Threat Expert are designed to help separate signal from noise, the company says.
More than 63 percent of laptops have deficiencies of users storing data locally rather than accessing the organization’s programs and data via secure, virtual desktop software, a new report shows.
Update: Patient privacy “not compromised or breached” during Melbourne Heart Group ransomware attack
Melbourne Heart Group has advised that no patient’s privacy was compromised or breached in a recent ransomware attack.
Earlier this year, a syndicate hacked and scrambled around 15,000 electronic medical records at the specialist cardiology unit at the Cabrini Hospital premises in Melbourne.
In a statement, the company said its systems have been restored and confirmed that no records left its system.
“[Melbourne Heart Group] wishes to advise all our patients that the cybersecurity incident we experienced in late January has been resolved. The data has been decrypted and our systems have been restored,” the statement read.
“We would like to emphasise that patients’ privacy has not been compromised or breached. No information left our computer system – it was encrypted so that no one could see it, even ourselves.”
No further information about the case, such as where the malware was from, whether a ransom payment was made or the exact number of affected records, was revealed.
Cabrini Health Chief Executive Dr Michael Walsh also confirmed that the attack did not involve Cabrini records, as data storage and other information systems in the specialist suite are owned and managed by Melbourne Heart Group.
“The cyber-security incident reported… occurred at the Melbourne Heart Group, a group of specialists who lease rooms at Cabrini Malvern. Data storage and other information systems in specialist suites are owned and managed by the specialists, not by Cabrini. The specialists are not employees of Cabrini,” he said.
“The protection of patient information is of the utmost importance and is a responsibility Cabrini takes very seriously. No Cabrini data storage or patient related systems or operations have been impacted or compromised by this incident and there has been no breach of hospital patient data.”
The Office of the Australian Information Commissioner (OAIC) recently identified, in its latest Notifiable Data Breaches Quarterly Statistics Report, that malicious and criminal attacks were the second-largest source of data breaches from the health sector.
It also found that the health sector topped the list of notifiable data breaches for the fourth consecutive quarter.
With mega-breaches and hacking persisting as a top cybersecurity concern globally, the Therapeutic Goods Administration (TGA) recently released a draft regulation guidance on cybersecurity for medical devices, in line with the existing regulatory requirements.
It calls for a clear regulatory environment for connected medical solutions and identifies strategies to influence the approaches of those who use medical devices.
The total number of breaches is at a three-year low, but the incidents are larger, affect more people – and are often caused by underprotected IT environments, according to a new Bitglass report.
University of California researchers say the sounds biomedical research machines make are vulnerable to hackers.
A comprehensive cybersecurity plan combines traditional IT access with legacy telephony and on-premises access powered by AI.
The struggles to secure medical devices continue in the effort to bring greater access to data and improved treatment.
The report from the agency's Health Information Technology Advisory Committee shows that patient engagement and cybersecurity will also be big parts of its agenda going forward.
Employees taking it upon themselves to adopt unsanctioned collaboration tools are causing tension and raising security risks, a new study says.
In a suspected ransomware attack, a cybercrime syndicate has hacked and scrambled around 15,000 medical records at a Victorian hospital.
Medical files from Melbourne Heart Group, a specialist cardiology unit based within the Cabrini Hospital premises in Melbourne, had been compromised, with the hackers restricting access to the records for more than three weeks and demanding a ransom for access, according to The Age.
It was reported that the hack started as a malware attack that crippled the unit’s server and corrupted the data, and that the cybercrime syndicate demanded a ransom be paid in cryptocurrency for a password that breaks the encryption.
This resulted in some patients not having any records at the unit, while others were told that their “files had been lost”.
The malware is believed to be from Russia or North Korea.
The Age also reported that a ransom payment was likely made by the Melbourne Heart Group; however, not all of the scrambled files have been recovered.
Commonwealth security agencies including the Australian Cyber Security Centre and Federal Police are assisting the hospital with the case.
Cabrini Chief Executive Dr Michael Walsh confirmed with HITNA that the data storage and other information systems in specialist suites are owned and managed by the specialists, not by the Cabrini Hospital.
“The specialists are not employees of Cabrini. No Cabrini data storage or patient-related systems or operations have been impacted or compromised by this incident and there has been no breach of hospital patient data,” Walsh said.
He also said that the protection of patient information “is of the utmost importance and is a responsibility Cabrini takes very seriously”.
A Melbourne Heart Group spokesperson told The Age that there was no connection between the encrypted data and any function relating to cardiac implantable electrical devices like pacemakers or defibrillators.
The spokesperson did not confirm the number of files affected, nor if the ransom had been paid.
Update 27/02/19: Melbourne Heart Group has since advised that no patient’s privacy was compromised or breached in this ransomware attack.
Tenable ANZ Country Manager Bede Hackney said healthcare organisations continue to be an attractive target for cybercriminals and with the rollout of My Health Records complete, malicious activity is expected to increase.
“Healthcare naturally has a target on its back due to the wealth of personal and sensitive data it shares,” he said.
“Developers of ransomware and other malicious code are creating new methods of exploiting systems on a daily basis. Australian healthcare organisations, small and large, public and private, must protect themselves and the patient data they store in the face of a rapidly evolving attack surface.”
Furthermore, Hackney said that being locked out of critical health information, such as what is stored in centralised databases like My Health Records, can have “life-threatening consequences”.
However, he said the techniques utilised by ransomware can be prevented – and the probability of an infection reduced – by taking a few steps.
“A good starting point is to consult the ASD Essential Eight Maturity Model, which outlines security practices such as regular patching to minimise cyber risk,” Hackney said.
“With patient lives and records on the line, healthcare organisations must take a proactive approach to preserve the integrity of the data they’ve been entrusted to protect.”
StorageCraft Asia-Pacific Head of Sales Marina Brook pointed to recent findings from global cybersecurity insurance provider Beazley, which said that 45 per cent of all ransomware attacks in 2017 were aimed at the healthcare sector.
“The ransomware attack on the Melbourne Heart Group reinforces the importance of ensuring that data is stored securely and, equally important, is able to be restored within the shortest time possible, to prevent compromising quality of care for patients,” she said.
“When a human life is in the balance, there’s no time to wait for completion of bitcoin payments to criminals, nor do we have the luxury to wait for terabytes of patient data to be restored over a week. The data needs to be restored and available within seconds.”
StorageCraft most recently introduced StorageCraft for Healthcare, a converged scale-out primary and secondary data platform with integrated data protection.