Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
The Sydney-based medical practice has confirmed a data breach impacting patient records following the January INC Ransom hack claim.
Spectrum Medical Imaging has begun notifying patients of a data breach impacting their personal data, including medical information in some cases.
The medical practice was listed as a victim on INC Ransom’s darknet leak site in January, but at the time, Spectrum said it was unaware of any such incident and had not been contacted by the hackers.
Spectrum also told Cyber Daily that in the event of a ransomware attack, its policy was to not pay the hackers.
Patients of Spectrum began receiving notifications via text message today, 12 February. Cyber Daily has seen the notification.
“Dear valued patient,” the message began.
“Spectrum Medical Imaging recently experienced a cyber security incident. A third party gained access to some of our IT systems and certain patient records. Unfortunately, some of your data has been accessed and copied. This could include name, DOB, contact details, and some health information. We do not believe any payment information was impacted, and the attackers have been locked out of our system.”
The message also included a link to the privacy page on Spectrum’s website, which has more information on the incident.
“We believe the third party is no longer active in our IT environment,” Spectrum said.
“We have engaged specialised cyber security forensic experts to thoroughly investigate and ensure the security of our systems.”
According to Spectrum, the practice has identified the individuals impacted by the data breach and has “commenced the process of contacting those individuals”.
The individual who shared the text message with Cyber Daily asked: “How did it take a whole month to tell us our sensitive info was compromised?”
Since INC Ransom’s initial leak post in January, the ransomware gang has now published the complete data set, which comprises folders containing patient scans and oncology information, as well as several backups from Spectrum’s Liverpool practice.
A file listing posted by INC Ransom comprises 279,834 files in 4,657 folders. The total size of the compromised dataset appears to be 149.7 gigabytes.
Spectrum has practices in Alexandria, Bankstown, Bondi Junction, Casula, Liverpool, Maroubra, Miranda, and Randwick. Spectrum offers a range of services, including CT scans, X-rays, dental imaging, ultrasounds, and women’s procedures.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
