Conflicting claims of a cyber attack on a major hospital have emerged after a private cancer specialist revealed his own IT systems were targeted with sensitive patient data seemingly leaked, highlighting the risks to doctors in private practice.
Media reports earlier this month suggested the Crown Princess Mary Cancer Centre at Westmead Hospital, Sydney, had fallen victim to hackers after cyber criminal group Medusa threatened to release patient data stolen from the facility.
Posting on the dark web, the cyber gang set a seven-day countdown clock along with demands for a ransom of $US 100,000 to be paid to a bitcoin address.
It also provided a “proof pack” and listed more than 10,000 files on its system, according to cyber researchers at databreaches.net [link here].
However, it now appears the criminals actually hacked into the IT systems of Associate Professor Felix Chan, a gynaecological oncologist who has rooms located at Westmead Private Hospital, rather than the cancer centre itself.
In a statement on his website [link here], Dr Felix, who specialises in robotic surgery, said he became aware that he had been targeted in a cyber incident on 1 May.
“In response, I took immediate action to safeguard patients and contain the incident by engaging external cyber security experts, and I am actively working with the NSW government and other regulators,” Professor Chan wrote.
“I understand that this news will be concerning to current and former patients, and I apologise for the distress and uncertainty that patients may be feeling.
“My number one priority is ongoing medical care and support of my patients.”
Professor Chan, who is known for pioneering multiple techniques in robotic gynaecological surgery and performing the first single site robotic hysterectomy in Australia in 2013, said disruption to patient care had been minimal.
“Cyber security specialists are working around the clock to ensure that the practice’s systems are secure, to determine how this incident began, and to identify which patients may have had their personal information compromised.
“I will continue to provide updated information to our patients, and the broader community as the investigation continues.”
Police were investigating the incident, according to The Australian.