Hackers steal physio clinic files

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.goldcoast.com.au/article/2013/05/15/451894_crime-and-court-news.html

A MERMAID Waters physiotherapy clinic is the second medical practice
on the Gold Coast to be held to ransom by an international hacker
demanding $5000 to unlock patient files.

The scam, which has affected businesses across the country, put more
than 8000 patient files at risk at the busy Q Super Centre practice on
Monday.

Back in Motion Physiotherapy owner Brad Beer said the files were
"missing" from the computer system for 24 hours, but were quickly
retrieved by support staff.

"We have secured all patient files prior to Friday, May 10," he said yesterday.

"It is only new files created in the past four days that are still
locked, but we are confident we will have those secured within 24
hours."

Mr Beer said the scam had already cost tens of thousands in lost
business and IT support.

"On Monday morning a pop-up message appeared on our computers
demanding $US5000 be deposited into an account to reactivate our files
and system," he said.

"We have had IT working on it for 48 hours and still only have limited
operations available.

"We were lucky to be able to retrieve most of the lost or locked
files, but one week is still missing and I don't know if we will be
able to find it."

In December the Miami Family Medical Centre was hit by a similar scam.
Mr Beer warned other businesses to be vigilant and ensure all company
information and patient files were backed up.

"If we didn't have such a good back-up system we would have been in
serious trouble," he said.

"We have communicated with our patients the best we could during this
process and are lucky they have been understanding."

The ransom scam began affecting businesses on the east coast last
year, prompting the Australian Federal Police to investigate.

They have linked some scams to Russia, Europe and America.

A small coastal school at Byron Bay was also held to ransom late last
year, with hackers encrypting its files and also demanding $5000.

A SCAMwatch spokesman has warned business owners to never pay the ransom.

"Do not let a scammer ransom you -- if you pay you're not guaranteed
that you will regain control of your computer and security has already
been breached," he said.

The AFP and Fraud Investigation Bureau are investigating.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.