Key Points
- A Sydney-based cancer centre may be the latest victim of a cyber attack from a ransomware group called Medusa.
- The group has threatened to leak patient data unless the clinic pays a ransom of $100,000.
- It comes after a series of cyber attacks in recent months, including against Optus and Medibank.
Pay your hacker $100,000 within their seven-day deadline and the data they stole will be wiped.
Or run the risk of the hacker writing letters to your cancer patients, accessing their medical documents and potentially harassing them for money.
That's the issue a major Sydney-based cancer clinic is facing after becoming the latest potential victim of a cyber attack from a notorious ransomware group.
Here's what we know about the incident so far.
What happened?
A ransomware group called Medusa has threatened to expose data that it says has been taken from the Crown Princess Mary Cancer Centre.
The centre is based in Westmead Hospital and forms part of the Sydney West Cancer Network, which also encompasses a Blacktown cancer clinic and Mt Druitt palliative care unit.
The Crown Princess Mary Cancer Centre provides research, prevention, diagnostic, treatment and rehabilitation programs for patients and families coping with cancer.
The threat was posted by a group calling itself Medusa on its blog along with a seven-day countdown timer and a button to pay $100,000 to "delete all data".
The countdown is due to expire at 10.30am Sydney time next Friday.
Medusa gained notoriety after being responsible for a ransomware attack on the Minneapolis Public Schools district in the US in February, which led to highly sensitive information about students being published online. The group demanded the district administration pay a ransom of US$1 million ($1.48 million) before the data leak, which was refused.
What's being done about the threat?
NSW Health learned of the threat on Thursday and is investigating whether other public health systems have been compromised.
"The safety and security of all NSW Health systems remains of the highest importance and is continually monitored and safeguarded," a spokesperson said on Friday.
"NSW Health works closely with State and Federal Government cyber security agencies to ensure that any cyber event is prevented, detected and responded to in the most appropriate manner."
Initial investigations suggested the attack had not impacted any NSW Health databases, nor Crown Princess Mary Cancer Centre databases.
What's happening with the Medibank data breach?
The Sydney cancer clinic investigation comes as Medibank is hit with another class action .
Law firm Slater and Gordon launched legal action on Friday on behalf of customers whose personal information was compromised in a hack last October.
It's alleged Medibank and its subsidiary Australian Health Management breached privacy and consumer laws as well data retention legislation.
Members of the class action are seeking compensation for losses, including time and money spent replacing identity documents. They are also seeking damages for non-economic losses like distress, frustration and disappointment.
Medibank said it planned to defend the proceedings.
