Aged care providers are being warned to shore up sensitive data after Australian operator Regis was hit with a cyberattack.
The provider told investors this morning that the attack on its Burnside facility was at the hands of an “overseas third party”, who encrypted and stole confidential data in order to seek ransom payment.
Regis managed to secure its data but some information was publicly released.
In a statement, Regis said it was contacting parties whose personal data was leaked.
Dr Linda Mellors, managing director of Regis Healthcare, said: “Our priority is maintaining safe and reliable operations while ensuring the security of personal information of our residents, clients and employees.
“To this end, we are working with expert IT and security advisers to continue to investigate and deal with this incident.”
The incident was reported to the Office of the Australian Information Commissioner, the Australian Cyber Security Centre (ACSC) and other regulatory bodies.
The ACSC said cyber criminals view the aged care and healthcare sectors as lucrative targets for ransomware attacks because of the bevy of sensitive personal and medical information they hold.
The centre said the Maze ransomware that the hackers used is designed to lock or encrypt an organisation’s valuable information so that it can no longer be used, and has been observed being used alongside other tools which steal important business information.
“Cyber criminals may then threaten to post this information online unless a further ransom is paid,” the centre said in a statement. “This is especially effective in the aged care and healthcare sectors.”
The group recommended any Australian organisation infected by Maze ransomware should seek its assistance.
“Keeping software up to date and having current backups stored offline is the best way to protect your organisation from a ransomware attack,” the cybersecurity experts said.
The ACSC also recommended against paying a ransom demand. “There is no guarantee paying the ransom will fix your devices, and it could make you vulnerable to further attacks.”Do you have an idea for a story?
Email [email protected]