UnitingCare Queensland hit by ransomware attack

By Dylan Bushell-Embling
Tuesday, 27 April, 2021

UnitingCare Queensland has fallen victim to a ransomware attack that has taken some of the organisation’s digital and technology systems offline.

The community service group has notified the Australian Cyber Security Centre (ACSC) about the incident and is working with the agency to investigate the cause, UnitingCare Queensland said in a statement.

Manual backup processes are being put in place to ensure continuity of most services, with other services not able to be implemented manually being redirected or rescheduled.

The attack represents the latest example of cyber attackers targeting the aged-care and healthcare sectors with ransomware. The ACSC issued an alert in August last year warning that multiple campaigns are targeting the sector.

The ACSC has recommended that providers targeted with ransomware never pay a demand, as there is no guarantee that paying the victim will result in encrypted data being unlocked, and because this could make organisations vulnerable to further attacks.

KnowBe4 security awareness advocate Jacqueline Jayne said aged-care facilities make a very attractive target for cybercriminals due to the nature of the information they hold on their patients.

“Information that, once obtained, can be used for identity theft and sold multiple times on the dark web. This is not only health-related data as the addition of personally identifiable information (PII) is also there for the taking,” she said.

“Once illegal access has been obtained into an aged-care facility there is also information available for employees, vendors, general business information which provides even more reason for cybercriminals to target this sector.”

Meanwhile, VMWare Principal Cybersecurity Strategist Rick McElroy said the attack has highlighted the vulnerability of Australia’s healthcare sector to cyber attacks.

“Ransomware as a service (RaaS) has risen in popularity providing cybercriminals with the necessary tools to carry out these types of attacks — this has created the opportunity for millions to easily target healthcare organisations. Compounding these risks is the adage of affiliate programs for ransomware groups, providing new and unique ways for malware operators to have others deploy their payloads for a cut of the eventual profits,” he said.

“We’re also seeing a lot of secondary extortion, in which cybercriminals look to profit twice from an attack, forcing organisations to not only pay to decrypt data but also prevent sensitive data from being sold or released publicly,” McElroy said.

Image credit: ©stock.adobe.com/au/Blue Planet Studio