The healthcare sector continues to be a prime target for cybercriminal groups, with targeted attacks putting patient safety and medical information confidentiality at risk. The recent attack on Heart Centre, a network of cardiology clinics located in New South Wales, Australia, carried out by the DragonForce group, once again highlights the vulnerability of hospital IT infrastructures and raises questions about the real responsibilities in protecting sensitive data.
Heart Centre is a network of cardiology clinics with three main locations in New South Wales: Heart Centre Castle Hill, Heart Centre Merrylands, and Heart Centre Rouse Hill. These centres offer advanced services for the diagnosis and treatment of cardiovascular diseases, providing care to a wide patient base and utilizing cutting-edge technologies to ensure high-quality care. However, like many other healthcare facilities, Heart Centre is vulnerable to cyber threats, a problem that was acutely demonstrated in the recent attack.
The DragonForce cybercriminal group contacted SuspectFile.com, claiming responsibility for breaching Heart Centre’s IT systems on January 16, 2025, and successfully encrypting the data stored on the hospital’s servers. Before executing the encryption, the group stated that it had exfiltrated approximately 5 GB of documents containing sensitive information such as patient data, diagnoses, and other protected health information (PHI). Additionally, DragonForce specified that it had stolen the following database backups, which suggests a significant compromise of the hospital’s IT infrastructure:
- mspdata_backup_2025_01_15_230001_8499476.bak
- mspref_backup_2025_01_15_230001_8519483.bak
- Stat_backup_2025_01_15_230001_8439442.bak
- StatMims_backup_2025_01_15_230001_8409482.bak
These files could contain critical information related to patients and administrative operations of the hospital, increasing the risk of privacy breaches and potential misuse of the stolen data.
Attacks on hospitals are nothing new. The healthcare sector has been a preferred target for ransomware groups for years, for several reasons. Many hospitals operate on legacy systems that no longer receive security updates, increasing the attack surface. Medical devices such as pacemakers and infusion pumps often have unmodifiable default passwords and outdated firmware, creating entry points for attackers. Additionally, uncontrolled access between critical and less secure systems facilitates lateral movement by cybercriminals within the hospital network. Doctors and administrators often do not receive adequate training on cybersecurity practices, increasing the risk of attacks via phishing and other social engineering techniques.
While cybercriminals are directly responsible for these attacks, it is crucial to examine the shortcomings of healthcare facilities and relevant authorities in protecting sensitive data. Key areas that must be urgently addressed include: updating IT infrastructures and adopting advanced threat detection solutions, conducting regular security audits and penetration testing to identify and fix vulnerabilities before they can be exploited, improving awareness of cybersecurity threats to reduce the risk of phishing and malware attacks, and ensuring greater transparency and timely communication in the event of an attack to inform authorities and patients, reducing the risk of further harm from data breaches.
The attack on Heart Centre serves as another wake-up call regarding the vulnerability of the healthcare sector to cyber threats. As hacker groups continue to evolve and their attack techniques become more sophisticated, it is increasingly clear that responsibility cannot fall solely on them. Hospitals, technology providers, government authorities, and cybersecurity professionals must join forces to strengthen the protection of healthcare data and safeguard patient privacy.
If concrete and timely measures are not taken, the risk of repeated attacks and irreparable damage to patients and healthcare facilities will remain high, with potentially devastating consequences for the entire healthcare system.
Despite the severity of the incident, as of the publication of this article, no official statement from Heart Centre has been found on its website or other communication channels.