Apr 27, 2021

Hospitals and aged care homes hit by crippling cyber attack

Cyber attack

Queensland hospitals and aged care facilities were left without IT services after being the victim of a crippling cyber attack this week. 

UnitingCare Queensland – which runs the Wesley and St Andrew’s Hospitals in Brisbane, St Stephen’s Hospital in Hervey Bay and the Buderim Private Hospital on the Sunshine Coast, and dozens of aged care and disability services throughout the state – had its internal IT system attacked by ransomware software. 

According to the provider, the attack occurred on Sunday, leaving all facilities with inaccessible digital and technology systems. Having contacted the Australian Cyber Security Centre (ACSC), technical and forensic advisors have been working on the outage. 

“As a result of this incident, some of the organisation’s digital and technology systems are currently inaccessible,” UnitingCare Queensland said in a statement.

“As soon as we became aware of the incident, we engaged the support of lead external technical and forensic advisors.

“We are committed to keeping our people, patients, clients and residents informed and safe as we work to resolve this incident, and will provide further relevant updates as new information comes to hand,” the statement continued. 

“It is not possible to provide a resolution timeframe at this stage, however, our Digital and Technology Team are working to resolve this issue.”

Patient booking impacted

According to a spokesperson from UnitingCare, their email system had been affected, and staff were using their private emails to correspond. 

The attack has also impacted all operational systems, such as patient booking, and staff have moved to manual paper-based operations until the issue is resolved. 

Doctors have also been left without access to vital patient information like x-rays and test results.

Not the first cyber attack

This is not the first time a cyber attack has threatened Australia’s healthcare system. In August of last year, ACSC released a statement warning Australian healthcare providers of a specific ransomware known as Maze, threatening to target aged care and health providers. 

According to the statement, whoever is behind Maze considered the healthcare sector to be “lucrative targets” due to the sensitive personal and medical information collected. 

“The Maze ransomware is designed to lock or encrypt an organisation’s valuable information so that it can no longer be used, and has been observed being used alongside other tools which steal important business information,” the statement said.

“Cybercriminals may then threaten to post this information online unless a further ransom is paid. This is especially effective in the aged care and healthcare sectors.”

At this time, it is unknown whether patients’ personal information has been accessed by the ransomware attack. 

Leave a Reply

Your email address will not be published. Required fields are marked *


URGENT WARNING: potential ransomware attacks on aged care providers

A major aged care provider has recently suffered a ransomware attack with a partially successful attempt to encrypt and steal confidential data in order to seek ransom payment. The provider has proactively responded and secured their data, but its possible some data has been published. Today the Australian Cyber Security Centre (ACSC) has produced a new advisory to assist you and your organisations. Read More

Aged Care Providers Should Be Teaching Residents How To Use Technology

Let’s make something very clear right from the outset – nothing can, or ever will, replace loving and engaging real-life human contact and interactions. In 2019 though, the vast majority of human interaction is being done online, so much so, that in some ways, it almost seems as if real-life conversations between people only occur... Read More

Data Security Guidelines For Health and Aged Care

It’s a general consensus that banks and financial institutions have a lot to lose financially from being hacked into, however people tend to forget how much Personal Identifiable Information (PII) the health industry holds and just how valuable that is! Think of all the PII a hospital or clinic holds on its staff, patients (past... Read More