Sydney cancer centre data subject to ransom threat

·1-min read

Private information from a Sydney cancer centre has been exposed as part of a ransomware group attack.

NSW Health is investigating the potential hack after the group threatened to expose data purportedly taken from the Crown Princess Mary Cancer Centre, which forms part of the Sydney West Cancer Network.

The health authority learned of the threat on Thursday and initial investigations suggested the attack had not impacted any NSW Health databases, nor Crown Princess Mary Cancer Centre databases.

"The safety and security of all NSW Health systems remains of highest importance and is continually monitored and safeguarded," a representative said on Friday.

"NSW Health works closely with State and Federal Government cyber security agencies to ensure that any cyber event is prevented, detected and responded to in the most appropriate manner."

The Crown Princess Mary Cancer Centre provides research, prevention, diagnostic, treatment and rehabilitation programs for patients and families coping with cancer.

The threat was posted by a group calling itself Medusa, with a countdown timer and a button to pay $100,000 to "delete all data".

A sample of the purported data included a letter to a patient, medical certificates, invoices and a spreadsheet seemingly showing more than a dozen patient names.

The countdown is due to expire at 10.30am Sydney time next Friday.