Queensland hospitals and aged care facilities were left without IT services after being the victim of a crippling cyber attack this week.
UnitingCare Queensland – which runs the Wesley and St Andrew’s Hospitals in Brisbane, St Stephen’s Hospital in Hervey Bay and the Buderim Private Hospital on the Sunshine Coast, and dozens of aged care and disability services throughout the state – had its internal IT system attacked by ransomware software.
According to the provider, the attack occurred on Sunday, leaving all facilities with inaccessible digital and technology systems. Having contacted the Australian Cyber Security Centre (ACSC), technical and forensic advisors have been working on the outage.
“As a result of this incident, some of the organisation’s digital and technology systems are currently inaccessible,” UnitingCare Queensland said in a statement.
“As soon as we became aware of the incident, we engaged the support of lead external technical and forensic advisors.
“We are committed to keeping our people, patients, clients and residents informed and safe as we work to resolve this incident, and will provide further relevant updates as new information comes to hand,” the statement continued.
“It is not possible to provide a resolution timeframe at this stage, however, our Digital and Technology Team are working to resolve this issue.”
According to a spokesperson from UnitingCare, their email system had been affected, and staff were using their private emails to correspond.
The attack has also impacted all operational systems, such as patient booking, and staff have moved to manual paper-based operations until the issue is resolved.
Doctors have also been left without access to vital patient information like x-rays and test results.
This is not the first time a cyber attack has threatened Australia’s healthcare system. In August of last year, ACSC released a statement warning Australian healthcare providers of a specific ransomware known as Maze, threatening to target aged care and health providers.
According to the statement, whoever is behind Maze considered the healthcare sector to be “lucrative targets” due to the sensitive personal and medical information collected.
“The Maze ransomware is designed to lock or encrypt an organisation’s valuable information so that it can no longer be used, and has been observed being used alongside other tools which steal important business information,” the statement said.
“Cybercriminals may then threaten to post this information online unless a further ransom is paid. This is especially effective in the aged care and healthcare sectors.”
At this time, it is unknown whether patients’ personal information has been accessed by the ransomware attack.
