tab62 - stock.adobe.com

UnitingCare Queensland hit by cyber attack

Healthcare service provider UnitingCare Queensland was reportedly hit by a ransomware attack that crippled several IT systems

Healthcare service provider UnitingCare Queensland (UCQ) was hit by a cyber attack earlier this week that rendered some of its digital and technology systems inaccessible.

According to local media reports, the incident was reportedly caused by ransomware which had infected email and operations booking systems, causing staff to fall back on paper-based processes.

In a statement, UCQ which operates aged care facilities and several hospitals including St Andrew’s War Memorial Hospital, said as soon as it became aware of the incident, it engaged the support of external technical and forensic advisers.

It had also notified the Australian Cyber Security Centre of the incident and will continue to work with them to investigate the incident.

“Where necessary, manual back-up processes are now in place to ensure continuity of most services. Where manual processes cannot be implemented, services are being redirected or rescheduled accordingly,” it said.

Due to the recency of the incident, UCQ said it was not possible to provide a resolution timeframe, noting that its digital and technology team were working to resolve the issue as swiftly as possible.

“We are committed to keeping our people, patients, clients and residents informed and safe as we work to resolve this incident and will provide further relevant updates as new information comes to hand,” it added.

Jacqueline Jayne, security awareness advocate at KnowBe4, said aged care facilities are a very attractive target for cyber criminals due to the nature of the information they hold on their patients. Information that once obtained can be used for identity theft and sold multiple times on the dark web

“This is not only health-related data as the addition of personally identifiable information is also there for the taking. Once illegal access has been obtained into an aged care facility there is also information available for employees, vendors, general business information which provides even more reason for cyber criminals to target this sector,” she said.

Rick McElroy, principal cyber security strategist at VMware’s security business, said the incident highlights the vulnerability of Australia’s healthcare sector to cyber attacks.

“While the attack methods may vary, most cyber criminals are motivated by a financial incentive. Given the critical nature of data at healthcare organisations, they are often a prime target for attacks, as cyber criminals know patient care is on the line and organisations are more apt to pay,” he added.

According to a VMware Carbon Black report, there were 239.4 million attempted attacks on healthcare organisations in 2020, an average of 816 attempted attacks per endpoint. That is a staggering 9,851% increase from 2019.

The Australian Cyber Security Centre has also released a recent cyber security report which found that ransomware is currently the most significant cyber threat to Australia’s healthcare sector.

Read more about cyber security in Australia

Read more on Hackers and cybercrime prevention