cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram

NSW cancer treatment centre targeted by Medusa hackers

A major NSW cancer treatment centre is believed to have been targeted by a cyber attack, with a malicious hacking group claiming responsibility.

NSW Health has announced that it has begun an investigation into an attack on the Crown Princess Mary Cancer Centre, which is a part of Westmead Hospital.

Responsibility for the attack, which was detected by NSW Health late on Thursday (4 May), has been claimed by the Medusa hacking group, which according to analysts from CyberCX via the ABC, is the “second-most active cyber extortion group in the Pacific”, having targeted large, high-profile organisations in Australia and New Zealand since January this year.

Medusa claims to have stolen data from Crown Princess Mary and is threatening to release it unless the hospital pays a ransom. The group has listed Crown Princess Mary on its leak site and has begun a seven-day countdown.

According to a spokesperson for NSW Health, both its databases and the cancer treatment centre’s databases appear unaffected.

“NSW Health continues to investigate this issue, which does not appear to have impacted any NSW Health databases, nor Crown Princess Mary Cancer Centre databases,” they said.

“The safety and security of all NSW Health systems remains of highest importance and is continually monitored and safeguarded.”

The value of the requested ransom has not been disclosed, but based on recent attacks from Medusa, it is likely to be in the millions.

An attack on Minneapolis Public Schools (MPS) in March saw the group request US$1 million in ransom.

Artificial intelligence security company Darktrace has said that the attack comes as a response to the Medibank hack, which was reportedly claimed by a rival ransomware group.

[The attack] follows the leaking of Medibank patient data last year, which is believed to have been carried out by a rival ransomware gang,” said a Darktrace "spokesperson.

"“For the criminal gangs involved, it creates a win-win scenario. Either they obtain a large payout in the form of hard-to-trace cryptocurrency, or they gain the notoriety and infamy associated with a high-impact and widely publicised cyber attack.

“In both scenarios, the chances of being caught and held to account for their actions are small.”

In addition, Darktrace said that the incident highlights the danger of outlawing ransomware payments, a move the Australian government is considering.

“Even if a ban were feasible and enforceable, attackers will still be motivated to use ransomware, seeking out situations in which the sensitivity of the data involved brings moral and ethical questions about whether paying the ransom is in fact the best course of action,” it said.

Darktrace said that banning ransomware payments would only force cyber gangs to find new techniques and that the government would be better off targeting “the source of the problem rather than a ransom payment ban targeting a symptom”.

Experts from leading cybersecurity organisation Palo Alto have expressed the same sentiment, with Alex Nehmy, Field Chief Security Officer APAC at global cybersecurity leader Palo Alto Networks saying that the healthcare industry is a key sector where banning ransomware payments could have a detrimental effect.

"The decision to pay or not to pay the ransom is nuanced, and nowhere is this more apparent than in the healthcare industry," he said.

"Whilst the decision to make a ransom payment is detrimental in a number of ways, a key drawback being that it emboldens criminals to continue these tactics, when it comes to medical care and data, the decision is not so black and white.

"Patients’ medical data, and in some cases their access to life-saving medical care, need to be considered and will likely take precedence.”

user icon Daniel Croft
Fri, 05 May 2023
NSW cancer treatment centre targeted by Medusa hackers
expand image

Comments powered by CComment

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.