黑料吃瓜群网

, and ,

It seems hardly a day goes by without another report of a cyber crime incident. With Medibank still fresh in our minds, the is on a Sydney-based cancer treatment facility, Crown Princess Mary Cancer Centre in Westmead 黑料吃瓜群网.

The cyber criminal group Medusa claims to have stolen thousands of files and is holding them to ransom.

Screenshot of Medusa Blog from Dark Web Site. Author provided

In what has become a common practice, the criminal gang seems to be using double extortion. In such scenarios, criminals typically demand a fee to 鈥渞elease鈥� the data back to the organisation 鈥� often with a 鈥渟ample鈥� made available to verify their claims.

The gangs then double-down with threats to publicise the data via their websites if payment isn鈥檛 made 鈥� in this case, a deadline of seven days.

Medusa is offering a range of options to delay the public release of data by 24 hours (US$10,000), to download and/or delete the data from the gang for US$100,000.

It鈥檚 currently unclear what will happen on Friday morning if the ransom is not paid. However, the Medusa Blog offers free access to data stolen from previous victims who did not pay the ransom by the deadline.

Victims data published on Medusa Blog. Author provided

According to , Medusa is the 鈥渟econd-most active cyber extortion group in the Pacific鈥�. Medusa has been organisations in Australia and New Zealand since the beginning of 2023.

Why target health services?

Any cyber attacks on the health sector are dangerous. While some cyber criminals have previously and , it seems these are now fair game.

Knowing the services and data held by these organisations are critical, it鈥檚 not surprising to see so many ransomware attacks are launched against critical health-care infrastructure.

Some notable incidents targeting the Australian health systems have included , and which operates four hospitals in Melbourne鈥檚 east 鈥� an attack which resulted in elective surgeries needing to be postponed.

According to tech giant , the health-care sector (and aligned industries) is one of the top targets for cyber criminals.

Ransomware incident and recovery engagements by industry. Microsoft Digital Defense Report 2022

What are the impacts?

The health sector deals with our most private data 鈥� none of us want this data in criminal hands. Apart from the privacy issues, the inability to continue regular activities in any health-care facility poses life-threatening risks.

A showed from 2016-2021, US health-care providers experienced 374 ransomware attacks that exposed the private health information of nearly 42 million patients.

Nearly half of these ransomware attacks disrupted the health-care services, with impacts including electronic system downtime, cancellations of scheduled care, and ambulance diversions.

Why do they keep happening?

Technical advances in the health industries have undoubtedly improved treatment and overall patient care. While this growth in technology is a positive for health care, it exposes health systems to cyber criminals.

With each passing year there is increased connectivity between clinical systems and medical devices. The health-care sector needs to be and heavily reliant on also known as digital health. This inter-connectivity makes health systems .

With the exception of state-sponsored groups, cyber criminals are primarily motivated by financial gain. Health care is undoubtedly one of the most promising targets as, if compromised, the organisations are more likely to pay the ransom 鈥� ultimately, because lives are at stake.

Cyber criminals capitalise on this and, even after good governance and enhanced cybersecurity within the sector, these incidents are likely to continue.

Living with cyber criminals around us

So far, reports about the Cancer Centre at Westmead have not indicated that operations have been significantly impacted. This may imply no computing devices have actually been compromised and locked 鈥� this could be seen as a positive.

However, those who have examined the samples of data published on the Medusa Blog have .

As Robert Mueller, former Director of the FBI, famously said:
There are only two types of companies: those that have been hacked and those that will be hacked.

Cyber crime has become a global industry with estimates predicting the impact at . With such potentially lucrative benefits, we have to accept we will be sharing cyberspace with criminals for the foreseeable future.

There are, of course, actions that can improve our cybersecurity preparedness, regardless of the sector. While nothing will completely eliminate the risk, making ourselves a less attractive target helps to reduce the likelihood of being a victim. So it鈥檚 important to:

• protect your systems: apply patches to all devices (including mobile phones); educate users to segregate personal and business activities; use strong and unique passwords for all systems/services
• include all systems: don鈥檛 forget the internet of things and operational technology (all the devices and software we use that connect to the internet); check default settings (changing any default passwords); and plan the disposal of old systems
• protect your data: data collected from all sources need to be kept in appropriate locations; think about how long you will keep data; and ensure data is protected from creation to destruction.
• protect your people: educate all staff on basic cyber hygiene; vet new staff; and think about your off-boarding practices
• seek advice: when things go wrong bring in the experts and liaise with law enforcement or other government agencies as appropriate.

And, finally, do not pay the ransom 鈥� it may be a difficult decision, but it only encourages the criminals behind the ransomware campaigns to keep going.

, Senior Lecturer of Computing and Security, and , Professor of Cyber Security Practice,

This article is republished from under a Creative Commons license. Read the .

Top image credit: iStockphoto.com/Hispanolistic

Originally published