UnitingCare Queensland hit by cyber attack
Healthcare service provider UnitingCare Queensland was reportedly hit by a ransomware attack that crippled several IT systems
Innovations Awards Honourable Mention: NUHS
As one of the healthcare organisations conducting thousands of Covid-19 swab tests a day, medical workers at NUHS were overwhelmed by manual data entry. Find out how robotic process automation was injected into the patient registration process, enabling the automation project to go live in just six days, and slashing registration time from two minutes to just 30 seconds.
According to local media reports, the incident was reportedly caused by ransomware which had infected email and operations booking systems, causing staff to fall back on paper-based processes.
In a statement, UCQ which operates aged care facilities and several hospitals including St Andrew’s War Memorial Hospital, said as soon as it became aware of the incident, it engaged the support of external technical and forensic advisers.
It had also notified the Australian Cyber Security Centre of the incident and will continue to work with them to investigate the incident.
“Where necessary, manual back-up processes are now in place to ensure continuity of most services. Where manual processes cannot be implemented, services are being redirected or rescheduled accordingly,” it said.
Due to the recency of the incident, UCQ said it was not possible to provide a resolution timeframe, noting that its digital and technology team were working to resolve the issue as swiftly as possible.
“We are committed to keeping our people, patients, clients and residents informed and safe as we work to resolve this incident and will provide further relevant updates as new information comes to hand,” it added.
Jacqueline Jayne, security awareness advocate at KnowBe4, said aged care facilities are a very attractive target for cyber criminals due to the nature of the information they hold on their patients. Information that once obtained can be used for identity theft and sold multiple times on the dark web.
“This is not only health-related data as the addition of personally identifiable information is also there for the taking. Once illegal access has been obtained into an aged care facility there is also information available for employees, vendors, general business information which provides even more reason for cyber criminals to target this sector,” she said.
Rick McElroy, principal cyber security strategist at VMware’s security business, said the incident highlights the vulnerability of Australia’s healthcare sector to cyber attacks.
“While the attack methods may vary, most cyber criminals are motivated by a financial incentive. Given the critical nature of data at healthcare organisations, they are often a prime target for attacks, as cyber criminals know patient care is on the line and organisations are more apt to pay,” he added.
According to a VMware Carbon Black report, there were 239.4 million attempted attacks on healthcare organisations in 2020, an average of 816 attempted attacks per endpoint. That is a staggering 9,851% increase from 2019.
The Australian Cyber Security Centre has also released a recent cyber security report which found that ransomware is currently the most significant cyber threat to Australia’s healthcare sector.