Protecting the personal and medical information of our loved ones is important not only to individuals but also to the organisations who are entrusted with that information to support their health and living needs.  A breach of data or impacts from a financial scam can have serious health consequences for our older population as these types of scams can cleverly trick them out of thousands of dollars.  An outage of technology that supports aged care services can impact their health if doctors and nurses may not be able to access patient records or provide critical health care.

Alerts from the Australian Cyber Security Centre

In August 2020 the Australian Cyber Security Centre (ACSC)reported, in an alert titled “2020-013 Ransomware targeting Australian aged care and healthcare sectors (1), that they were aware of recent ransomware campaigns targeting the aged care and healthcare sectors and noted that cybercriminals view the aged care and healthcare sectors as lucrative targets for ransomware attacks. This is because of the sensitive personal and medical information they hold, and how critical this information is to maintaining operations and patient care. The ACSC state that a significant ransomware attack against a hospital or aged care facility would have a major impact.

In the alert they stated they have noticed there has been a significant increase in healthcare or COVID-19 themed malicious cyber activity, including targeting of the aged care and healthcare sectors by financially motivated cyber criminals using the ‘Maze’ ransomware.  The ‘Maze’ ransomware is designed to lock or encrypt an organisation’s valuable information, so that it can no longer be used, and has been observed being used alongside other tools which steal important business information. Cybercriminals may then threaten to post this information online unless a further ransom is paid.

Aged Care Data Breach and Cyber Security Events

UnitingCare Queensland April 2021

UnitingCare Queensland, who runs the Wesley and St Andrew's hospitals in Brisbane, St Stephen's Hospital in Hervey Bay and the Buderim Private Hospital on the Sunshine Coast, and dozens of aged care and disability services throughout the state, was attacked by ransomware software, with all UCQ hospitals and aged care homes working without IT system for a period of time. Doctors were told not to expect to be able to access vital patient information and details like x-rays (2). A UnitingCare spokesperson told the media that “on Sunday 25 April, 2021UnitingCare Queensland was impacted by a cyber incident. As a result of this incident, some of the organisation's Digital and Technology systems are currently inaccessible,". A patient last week told the ABC they knew immediately there was a problem when the wi-fi stopped working on April 25,then they noticed staff struggling with communication and accessing patient records (3). The UnitingCare cyber attack was claimed by notorious ransom gangREvil/Sodin.

Impacts of this event to UnitingCare Queensland

• Some of the organisation's digital and technology systems were inaccessible.
• Staff struggled with communication and accessing patient records according to a patient.
• The ABC revealed UnitingCare had been cut off from the Commonwealth's My Health Record system as a result of the hacking, (as a precaution and likely temporarily).

Uniting Communities June 2021

Uniting Communities, who delivers support to an estimated74,000 South Australians every year across service areas including foster care, mental health counselling, disability support, elder care, homelessness support, and drug and alcohol counselling, reported to media they had been impacted by a cyber incident that has restricted access to some of their technology systems (4).

Impacts of this event to Uniting Communities

• Restricted access to some of their technology systems. Systems involving rostering and setting appointments were among those affected.
• Forensic investigations required to determine whether any data breach has occurred.
• Australian Cyber Security Centre notifications.

Key cyber threats to the Aged Care Industry

Ransomware attack that results in the loss of key systems and records required to manage operations effectively. Flow on effects to the organisation could be loss of health services to clients, reputational impacts due to security concerns families would raise over their families data and financial impacts from recovery tasks such as forensics, legal and technical remediation activities.

Malicious software used to exfiltrate/ steal sensitive personal information. This could result in a loss of very sensitive personal information about clients who would then be more vulnerable to identity theft and targeted attacks using social engineering techniques such as a hacker calling up and asking for aged car related payments or other types of financial transactions.

Key controls to consider

• Identify your critical data. Know what data is most important to you.
• Backup critical information, your most important data, and systems.
• Keep your systems and software up to date through regular patching.
• Use antivirus software and keep it up to date.
• Ensure your incident response plan has a specific guideline for what to do if you’re held to ransom. The ACSC published a guide here: cyber.gov.au/ransomware/what-to-do
• Remain vigilant and informed. Sign up to get free cybersecurity alerts through various government and industry threat intelligence organisations. These services will send you an alert when a new cyber threat is identified.

References

1. https://www.cyber.gov.au/acsc/view-all-content/advisories/2020-013-ransomware-targeting-australian-aged-care-and-healthcare-sectors
2. https://www.9news.com.au/national/uniting-care-queensland-hospitals-aged-cared-crippled-following-cyber-attack-ransomware/29779a34-40ef-456e-9b51-6f4080a070d6
3. https://www.abc.net.au/news/2021-05-06/qld-uniting-care-hack-revil-revealed/100118590
4. https://www.abc.net.au/news/2021-06-16/uniting-communities-investigating-cyber-incident-in-sa/100220748

‍