Wednesday, May 23, 2018

Yet Again We See A Cyber-Attack Breach A Health Organisation, Presumably For Profit.

This news appeared early last week.

Cyber attack on Family Planning NSW client database

By Kate Aubusson
14 May 2018 — 11:30am
A cyber attack on Family Planning NSW has potentially exposed the personal information of clients, including women who have booked appointments or sought advice about abortion, contraception and other services over the past 2½ years.
Clients received an email from the organisation alerting them that their website had been hacked over two weeks ago, which may have compromised its online data.
“These databases contained information from clients who had contacted Family Planning NSW through our website in the past 2½ years, seeking appointments or leaving feedback,” read the email signed by Chair of the FPNSW board Sue Carrick and chief executive Adjunct Professor Ann Brassil.
“Since the attack, we have had no evidence that this information had been used by the cyber-attackers,” the email read.
FP NSW was one of several agencies targeted by the “cyber criminals” who requested a bitcoin ransom on Anzac Day, according to the email.
“We had the website secured by 10am on April 26, 2018,” clients were told.
“All web database information has been secure since this time and more sensitive medical records held internally were never under threat.”
“The situation is now contained and there have been no further threats,” the email read.
More here:
There is detailed coverage here:

Family Planning NSW hit by ransomware attack

By Ry Crozier on May 14, 2018 12:01PM

May have compromised online databases.

Family Planning NSW was hit by a ransomware attack late last month and the clinic operator is warning that its “online databases” may have been compromised.
The provider of reproductive and health services said the databases contained the details of people who had made contact through its website to “seek appointments or leave feedback” over the past 2.5 years.
Sky News reported that as many as 8000 people may have been impacted.
“We were one of several agencies targeted by cyber criminals requesting a bitcoin ransom on ANZAC Day,” it said.
FPNSW said it had “secured” its website after the attack, though the site has just been a landing page since the attack that advises customers it is “getting a security update”.
“All web database information has been secure since this time and more sensitive medical records held internally were never under threat,” FPNSW board chair Sue Carrick and CEO Ann Brassil said in a joint letter circulating on social media, and verified by iTnews.
“The situation is now contained and there have been no further threats.”
Family Planning NSW said that the web form “does not connect to our internal medical records”; however, it was unclear how much detail the form asked people to submit when making requests.
More here:
Given the nature of the organization and the type of clients it has, with patients seeking sexual health advice and treatment, this is a pretty sensitive breach and needs to be a real warning to those in the health sector.
It is certain that this sort of breach will lead to a few more considering staying well clear of the myHR!
David.

1 comment:

  1. This probing of health systems, I am sure, is being taken seriously. Systems are rarely these days islands; more and more systems are becoming trusted end points within a system of systems. It won’t be long before a few back doors are discovered.

    The no evidence of user information being used is an interesting claim; wonder what investigation they undertook to claim that?
