Cyber Attacks: They Could Happen to You

It is used at about 3,500 sites by around 40,000 practitioners in Australia. According to Telstra Health who acquired and distributed Argus, these users trusted Argus to “securely communicate confidential patient information quickly and reliably, in-line with privacy standards".

However, according to Fairfax Media, hackers managed to gain access to a number of doctors’ computers via a flaw in the Argus software. Although it appeared that the medical records had not been improperly accessed or disclosed, a Fairfax source said the hackers used the exposed information to run scams such as dating or rental scams, and to anonymously purchase goods online using presumably stolen credit cards.

The incident highlights the need for medical practices to regularly update software and security systems.

Telstra Health has indicated that the vulnerability appears to have occurred in specific versions of Argus that had not been updated, and where remote desktop connections were open to unauthorised parties outside of their network. When Argus was installed it automatically created an extra Windows user account with a default password stored in a plaintext file, allowing hackers to login.

The Australian Digital Health Agency said that the vulnerability has been addressed with a security patch and customers have been provided with the steps necessary to ensure they have the basic security settings in place. 

For more information on cyber security, see MDA National’s Cyber Resources page.