Australia is in the midst of a major data breach crisis after the health records of millions of Aussies were released on the dark web by hackers demanding undisclosed ransom. According to an article published online by Gizmodo, Australian insurance provider Medibank negotiated with the unknown hackers before ultimately deciding not to pay—at which point the cybercriminals put private medical information online. The group, which cybersecurity experts are calling BlogXX, appears to be running a long game, having breached Medibank’s system a month before contacting the company. They spent that time picking over the data in order to come up with “naughty” and “nice” lists, distinguished by the nature of a given patient’s diagnoses (with the “naughty” list reflecting more sensitive conditions like addiction and eating disorders). The lesson is that failing to prevent data breaches could leave you and your patients’ most sensitive private information vulnerable. There are steps you can take to reduce the risk of that happening, though, as detailed in a pair of articles JUCM published. You can read Education Is Key to Avoiding Increasingly Sophisticated Cyber Crime and Protecting Patient Privacy in the Cloud in our archive right now.
Australia Learned Too Late: By the Time You’re Hacked, You’re at the Mercy of the Criminals