UnitingCare Queensland Ransomware Attack Impacts Major Brisbane Hospitals


Hospital and aged care provider UnitingCare Queensland experienced a major cyber incident on Sunday, April 25. Ransomware software has targeted UnitingCare’s internal IT systems. That has forced some of Brisbane’s biggest hospitals to resort to manual back up processes.

On Monday, UnitingCare Queensland confirmed the attack. In a statement, they said external technical and forensic advisors were working to restore systems, but a resolution timeframe was not yet in place. In addition, the Australia Cyber Security Centre (ACSC) was notified and is now involved.

UnitingCare Queensland runs two big Brisbane hospitals, St Andrew’s War Memorial and Wesley Hospitals. They also operate several smaller hospitals in and are active across the aged care, disability support, and crisis response sectors.

The attack is affecting the UnitingCare’s operational systems, including internal email and patient management systems. Sunday’s incident is the latest in a series of attacks that have targeted healthcare providers in Australia. Aged care specialist Regis was impacted by a Windows Maze ransomware attack last August.

In September, Anglicare Sydney lost around 17GB of client data during a ransomware attack. Last month, Eastern Health in Melbourne experienced a cyber-attack resulting in IT systems going offline and some surgeries been cancelled.

Jacqueline Jayne, a security awareness advocate at cybersecurity consultancy, KnowBe4, said aged care and health care facilities are attractive targets for cyber-attacks because of the amount of personal data they have.

“This is not only health-related data, but personally identifiable information (PII) is also there for the taking.

“When you consider the completeness of information available on an individual, it is clear as to why it is so popular to cyber-attacks as the dollar value of the data increases significantly.”

Following the cyber incidents against Regis and Anglicare Sydney in 2020, the ACSC flagged the vulnerability of the aged and healthcare sectors by financially motivated cybercriminals. The ACSC also said this was because of the sensitive personal and medical information they hold.

In addition to using personal data for identity theft and selling it on the dark web, functioning IT systems are critical for patient care. Attacks on aged and healthcare providers offer cybercriminals the chance to profit from selling personal data and restoring the provider’s IT systems.

In the six months to December 31, 2020, the Office of the Australian Information Commissioner (OAIC) received 539 data breach notifications, up 5% on the previous six months. Of those 539 breaches, 23% (or 124 incidents) came from the health and aged care sectors. Malicious or criminal cyber-attacks accounted for 58% of all notifications.

Traditionally vulnerable to cyber-attacks, aged and health care providers like UnitingCare Queensland are now having to fortify their IT systems. But that takes time and money. In the meantime, it is a game of cat and mouse for profit-orientated cybercriminals.

UnitingCare Queensland advises it is working to resolve the cyber-attack as quickly as possible.