Aged-care facility hacked as personal data is released

3 August 2020

Written by: Peter White

Overseas hackers have released personal information after an attack on a Melbourne aged-care home.

A Melbourne aged-care facility in the midst of a coronavirus outbreak has been attacked by hackers, releasing personal data from the facility.

Regis Healthcare was targeted by hackers over the weekend by an overseas third party who managed to publicly release data from the facility.

The documents released included details of individual residents’ care and accomodation agreements, employee appraisals and passwords relating to the facility, which were published on a public website.

Regis Healthcare Managing Director Dr Linda Mellors confirmed the attack to NCA Newswire.

She said the hacker attempted to disrupt the company’s operations, as they copied some data from the IT system and released “certain personal data” publicly.

“Our priority is maintaining safe and reliable operations while ensuring the security of personal information of our residents, clients, and employees,” she said.

Linda Mellors assured NCA Newswire that the situation would be dealt with.

“To this end, we are working with expert IT and security advisers to continue to investigate and deal with this incident,” she said.

The Australian Cyber Security Centre (ACSC) noticed the attack after announcing a recent “significant increase in healthcare or COVID-19 themed malicious cyber activity”.

“This is because of the sensitive personal and medical information they hold, and how critical this information is to maintaining operations and patient care,” they said.

The ACSC explained the concept of the ‘Maze’ ransomware, which is “designed to encrypt the valuable information of an organisation, so that it can no longer be used”.

“Cyber criminals may then threaten to post this information online unless a further ransom is paid. This is especially effective in the aged care and healthcare sectors,” they said.

The ACSC highly suggests companies should not pay the ransom demand by hackers who may target other companies with the Maze ransomware.

“There is no guarantee paying the ransom will fix your devices, and it could make you vulnerable to further attacks,” they said.

Photo: Someone programming a website in HTML by Mika Baumeister available HERE and used under a Creative Commons Attribution. The image has not been modified.