Cyberattack hits 10,000 patients' health data

Ransom demanded from CUHK medical faculty as other victims come forward

PUBLISHED : Wednesday, 06 August, 2014, 4:50am
UPDATED : Wednesday, 06 August, 2014, 4:50am

Chinese University's Faculty of Medicine has fallen victim to a new wave of cyberattack, with data on more than 10,000 patients hidden from view and a ransom demanded to decrypt it.

The attack targeted the faculty's Centre for Liver Health and Institute of Digestive Disease at the Prince of Wales Hospital in Sha Tin. A faculty spokeswoman said last night that it was operating as normal and patient care had not been jeopardised.

She added that the attack had encrypted the data so that the faculty could no longer access it, but it did not appear that the information had been stolen.

She said the two servers affected stored day-to-day data as well as research and teaching materials, including more than 10,000 patients' personal details and their health history.

Police confirmed the case was related to the ransomware "SynoLocker", which targets servers made by Synology.

A message demanded the faculty pay 0.6 bitcoin, about US$350, to free the data, according to a police source. Officers also found no evidence that the data had been leaked.

The faculty said the servers were immediately disconnected and other computer systems were affected. It believed a flaw in Synology's software was used by the hackers to launch the attacks.

The Hospital Authority and the Privacy Commissioner have been notified.

Chinese University said it had received no other similar reports from other departments.

A police spokesman said the department had yesterday received multiple reports from victims of similar attacks since Monday, and the Police Commercial Crime Bureau was investigating.

The spokesman appealed to the public to review and, if need be, strengthen their data security.

Reports about "SynoLocker" attackers in other regions have appeared since Monday.

Synology says that if attacked it is best to perform a complete shutdown to avoid more problems and to contact the company for additional help through its Knowledge Base website.