
Protect your practice against attack

Taking simple steps to secure your business and keep your patients safe

Media reports have spread of a so-called “Ransomware” attack on a Gold Coast medical centre. In this case an attacker manually gained control of a server, encrypted its data and is holding it to ransom for $4,000.

Such attacks are nothing new. We’ve been dealing with similar attacks since the advent of remote desktop technology. It is important to understand that Anti-Virus or Anti-Malware software is only one line of defense and is useless against an attack like this. Reading between the lines, it would appear that this particular attack was enabled by a combination of direct remote desktop enabled through a firewall, weak passwords and a poorly implemented backup system.

What can we do to prevent this happening to you?

Allowing remote access into your systems presents a security risk, but that doesn’t mean that you should stop using it. The majority of sites set up by Mobile Computing use some form of two-factor authentication with strong passwords. This is an order of magnitude more secure than direct remote desktop access.

To be sure, we are working through all contract clients to double-check the following:

  • Direct Remote Desktop access is not allowed.
  • Your router is secured.
  • Your server is up to date with critical security patches.

We hope to have these checks completed by tomorrow. We will address any security concerns that we can immediately and book those that can’t be done while you are working.

What can you do to stay safe?

  • Change your password and make it strong.
  • Ensure you understand whether you have direct remote desktop enabled and seek assistance to have it secured.
  • Ensure you know how to check your backups and that they are taken off-site regularly.
  • Keep your web browsing work related while at work.
  • Don’t open e-mail if you don’t know who it is from.
  • Don’t open e-mail attachments unless you are sure they are safe.
  • Hover before you click links in e-mail; check that the link is not dodgy!

Contact Health IT for assistance with any of the above. Bookings for security checks will be given top priority.

Should you suspect that your systems have been compromised please contact us immediately. Phone (07) 3839 4321 or e-mail service@healthit.com.au.