Healthcare services provider UnitingCare Queensland was allegedly hacked over the weekend, the organisation has announced.
UnitingCare Queensland, which operates a series of nursing homes and hospitals across the state, was breached in an apparent cyber attack on Sunday when the organisation's internal systems became unusable.
In a statement, UnitingCare Queensland outlined that they had reached out to additional organisations for cyber support during this time.
“As soon as we became aware of the incident, we engaged the support of lead external technical and forensic advisors. We also notified the Australian Cyber Security Centre of the incident and are continuing to work with them to investigate the incident,” UnitingCare Queensland wrote.
“Where necessary, manual back-up processes are now in place to ensure continuity of most services. Where manual processes cannot be implemented, services are being redirected or rescheduled accordingly.”
Rick McElroy, principal cyber security strategist at VMware’s security business unit, warned that Australia’s healthcare system is particularly susceptible to cyber attacks.
“The cyber attack across UnitingCare Queensland’s hospitals and aged care facilities highlights the vulnerability of Australia’s healthcare sector to cyber attacks. While the attack methods may vary, most cyber criminals are motivated by a financial incentive. Given the critical nature of data at healthcare organisations, they are often a prime target for attacks, as cybercriminals know patient care is on the line and organisations are more apt to pay,” McElroy said.
“A VMware Carbon Black report has found that 239.4 million attempted attacks on healthcare organisations in 2020, an average of 816 attempted attacks per endpoint. That is a staggering 9,851 per cent increase from 2019.
“We have observed cyber criminals seeking to obtain patient data, which they can later sell on the dark web for a profit and also disrupting operations as leverage as part of a ransomware attack. On the dark web, we have found everything from protected health information (PHI) to COVID-19 test results as well as opportunities to join ransomware affiliate groups, making it easily accessible to millions of cyber criminals who previously didn’t have the tools to carry out these attacks.”
UnitingCare Queensland announced that the will continue to provide updates as the situation continues to unravel.