You’ve Been Hacked!

15 May 2017


by Dr Sara Bird


What would you do if you arrived at work today and found you could not access the computer systems? No access to medical records, test results, appointments, prescriptions or emails…

This was the reality for a number of UK hospitals and general practices last week when malicious software encrypted the contents of many National Health Service (NHS) computers. Infected computers displayed a pop-up message demanding payment of a ransom in Bitcoins within three days to regain access to the computer and retrieve its files. Failure to pay would see the ransom escalated, followed by automatic deletion of the files.

The attack appeared to exploit a weakness in the software. The weakness had been remedied by a software patch earlier this year, but the patch may not have been installed across NHS computers. Malicious software can also be introduced by phishing, where an email attachment or a web link, when opened, downloads the ransomware.

Ransomware in healthcare is increasing

A 2016 IBM survey found 70% of business executives with experience of ransomware had paid to get their data back, including a US hospital which paid attackers 40 Bitcoins (then US $17,000).

An increasing number of doctors and practices are contacting MDA National to discuss data intrusions into their practice computer systems.

How can you protect your computer systems from ransomware?

Useful guidance is available from the RACGP’s Computer and Information Security Standards and the Federal Attorney General’s Department’s CERT.

Some of the recommended strategies include the following:

  • Ensure applications and operating systems are kept up to date with the latest software patches.
  • Regularly back up files, maintain an offline copy and test your backups – as online drives and network shares are encrypted by the malware, any connected backups will be rendered unusable.
  • Ensure computer systems are running antivirus software with the latest antivirus signatures.
  • Consider implementing software restriction policies to hinder the ability of malicious software to execute successfully.
  • Monitor intrusion detection and/or prevention systems, user logs and server logs for suspicious behaviour.

This blog contains general information only. We recommend you contact your medical defence organisation or insurer when you require specific advice in relation to medico-legal matters. This blog is based on an actual event but details have been changed to protect the privacy of those involved.


