Articles and Case Studies

Ransomware - a real and credible threat

26 Nov 2021

Karen Stephens

by Karen Stephens

Ransomware real and credible threat

Ransomware is a type of malicious software (malware). When it gets into your device, it makes your computer or files unusable. Cybercriminals use ransomware to deny you access to your files or devices. They then demand payment to regain your access.
Ransom demands are reported to be climbing, from an average of US$6,000 in 2018, to US$84,000 in 2019, and US$178,000 in 2020. The funds are usually requested to be transferred electronically, often in untraceable cryptocurrency such as Bitcoin.



According to the Notifiable Data Breaches Report January-June 2021 from the Office of the Australian Information Commissioner (OAIC):

  • ransomware made up 24 per cent of the 192 cybersecurity incidents notified as a data breach to the OAIC from January to June 2021.
  • data breaches from ransomware incidents increased to 46 notifications from 37 in the last reporting period
  • across all types of breaches, the health sector was the highest reporting industry sector, notifying 19 per cent of all breaches.



Being unable to access computer files will have immediate and severe impact on the running of most medical practices.

  • A cardiology practice in Florida hit by ransomware in 2021 had its phone lines and IT systems shut down, and was still operating at a reduced capacity several months later.
  • Victorian hospitals hit by a ransomware attack in 2019 had to cancel some elective surgery and appointments.
  • In 2017, WannaCry – a global ransomware attack – infected the NHS in England, causing thousands of appointments and operations to be cancelled. And in five areas, patients had to travel further to Accident & Emergency departments.



Protective measures are outlined in the Australian Cyber Security Centre’s (ACSC) ransomware prevention and protection guide. These involve seven steps:

  1. Update your device and turn on automatic updates
  2. Turn on multifactor authentication
  3. Set up and perform regular backups
  4. Implement access controls
  5. Turn on ransomware protection
  6. Prepare your cyber emergency checklist
  7. Remain vigilant and informed


Backups are vital

Recovering from ransomware is almost impossible without comprehensive backups – preferably both to an external storage device and to the cloud. Backups should be done regularly to minimise gaps in the data, and this can usually be automated via your system settings. Backups should also be checked regularly to ensure they have worked. You can get more guidance on backups from the Australian Digital Health Agency (ADHA) and the Royal Australian College of General Practitioners (RACGP).


What to do if it happens to you

The ACSC has an emergency response guide which provides simple step-by-step instructions on what to do. Outlined steps include immediately disconnecting the infected device, running a malware scan, and seeking professional IT assistance.

The ACSC recommends not to pay the ransom. There is no guarantee that paying the ransom will fix your devices, and it can make you vulnerable to future attacks.
Refusing to pay the ransom requires that your backup can recover all or most of the files or data. Without sufficient backup, you may have no option but to pay the ransom. Unfortunately, paying the ransom won’t guarantee getting everything back.


A recent global survey found that on average only 65 per cent of the encrypted data was restored after a ransom was paid, and only eight per cent of organisations were able to restore all of it.


Case study: As it happened at a practice insured by MDA National

One morning at a specialist practice, the receptionist started the computers and tried to open the records and billing software (BlueChip). When she couldn’t get it to open, she phoned the practice’s IT provider who sent a staff member to the practice straight away. He found that the files on the shared drives had been encrypted, and a ransom in bitcoin had been demanded to provide a decryption key. He identified one machine as the source of the infection and shut it down.

Later that day when the IT provider tried to restore data from the backup server, he found that the backup server’s internal data and external backup drive had also been locked. The police were notified.

The practice owner decided to pay the ransom. Communication with the scammers over several days led to two attempts to decrypt the data, but the data was not completely restored. Three weeks’ worth of patient reports were never recovered. It took five days for the practice system to be functional. Fortunately, there was no evidence that patient records had been accessed by the scammers.

To prevent this happening again, the practice now only allows remote access through a secure VPN. The administrator passwords and file-share permissions to the backup server were changed, and additional backups now include multiple offsite and offline copies of data kept in rotation – so there are at least four copies of business data less than 10 days old at any time.

Stay updated with the latest medico-legal content

Subscribe to MDA National’s biannual Member publication, Defence Update, for the latest medico-legal updates, articles and case studies.

Subscribe now

Subscribe to MDA National’s biannual Member publication, Defence Update, for the latest medico-legal updates, articles and case studies here.

Confidentiality and Privacy, Medical Records and Reports, Practice Management, Technology, Anaesthesia, Dermatology, Emergency Medicine, General Practice, Intensive Care Medicine, Obstetrics and Gynaecology, Ophthalmology, Pathology, Practice Manager Or Owner, Psychiatry, Radiology, Sports Medicine, Surgery, Physician, Geriatric Medicine, Cardiology, Plastic And Reconstructive Surgery, Radiation Oncology, Paediatrics, Independent Medical Assessor - IME, Gastroenterology


Doctors Let's Talk: Get Yourself A Fricking GP

Get yourself a fricking GP stat! is a conversation with Dr Lam, 2019 RACGP National General Practitioner of the Year, rural GP and GP Anesthetics trainee, that explores the importance of finding your own GP as a Junior Doctor.


25 Oct 2022

Systematic efforts to reduce harms due to prescribed opioids – webinar recording

Efforts are underway across the healthcare system to reduce harms caused by pharmaceutical opioids. This 43-min recording of a live webinar, delivered 11 March 2021, is an opportunity for prescribers to check, and potentially improve, their contribution to these endeavours. Hear from an expert panel about recent opioid reforms by the Therapeutic Goods Administration and changes to the Pharmaceutical Benefits Scheme. 

Diplomacy in a hierarchy: tips for approaching a difficult conversation

Have you found yourself wondering how to broach a tough topic of conversation? It can be challenging to effectively navigate a disagreement with a co-worker, especially if they're 'above' you; however, it's vital for positive team dynamics and safe patient care. In this recording of a live webinar you'll have the opportunity to learn from colleagues' experiences around difficult discussions and hear from a diverse panel moderated by Dr Kiely Kim (medico-legal adviser and general practitioner). Recorded live on 2 September 2020.