Samuel Davis, Cape York Weekly
The private medical records of Cape York patients may have already fallen into the hands of crime syndicates lurking on the dark web, a cyber security expert has warned.
Apunipima Cape York Health Council confirmed on Thursday that a third party had accessed its data and possibly downloaded medical records after leaked emails revealed a major data breach.
As first reported by Cape York Weekly, it’s understood the hackers used a malicious software known as Lockbit to block users’ access to Apunipima’s systems.
The systems are now effectively locked and being held ransom by the hackers who are seeking an undisclosed payment.
University of Queensland cyber director Professor Ryan Ko said hackers preyed on vulnerable organisations and often researched their targets before breaching their data.
“Typically the users of these ransomware services look at public information,” he said.
“They’ll read annual reports, know how much money you turn over and base a ransom on what you can afford.
“Cyber attacks typically come from organised criminals based overseas. Sometimes they are multinational groups spanning across the globe.
“Cyber crime is profitable and it’s relatively easy to evade detection and is very difficult to attribute to the source.”
Ransomware attacks are far from random
While some businesses choose to pay ransoms after being hacked, Professor Ko said doing so can be dangerous.
“Some people and some organisations pay the ransom but then get placed into what’s called a ‘sucker list’,” he told Cape York Weekly.
“The criminals then share the ‘sucker list’ and the same organisations get targeted again. So, never pay.
“Instead, we should be constantly backing up our data so we can restore our systems without paying a ransom.
“(Once you’ve been breached), this information can then be sold online on the dark web.
“The key difference between physical crime and cyber crime is that in physical crime you lose the item.
“But when it’s sensitive information, if it’s stolen, the criminal has access to it that can lead to further crimes like identity theft and other sinister uses.”
“We need to understand or inquire about the use of information and its retention,” he said.
With cyber crime on the rise, Professor Ko said private citizens must also consider how they protect personal information.
“You should ask businesses what information of yours is being retained and if it’s retained, what for?
“In places where age has to be verified for example, there’s no need for the location to have your address or other details,” he said.
“That’s where legal reforms have to come in. New malware is created every quarter of a second.
“The scale of it is beyond what manual intervention can handle. At the Tokyo Games, in the span of two weeks they faced 450 million attempted cyber attacks.
“As long as you’re connected to the internet, you’re exposed to these criminal networks. You need to look at ways to protect yourself from attacks.”
State and federal health ministers, Yvette D’Ath and Mark Butler, refused multiple requests for comment when contacted by Cape York Weekly.
This article appeared in Cape York Weekly, 11 October 2022.
