Ransomware attack a timely reminder for aged care providers

Jay Malone, Novigi Client Partner, Health Aged and Community Services

In this guest post, Jay Malone – Novigi Client Partner, Health Aged and Community Services – discusses the ongoing importance of cybersecurity protection in Australia’s aged care industry.

This week, UnitingCare Queensland has found themselves the latest victim in a line-up of Australian health and aged care providers who have been the target of ransomware attacks.

It was only 7 months ago when The Australian Cyber Security Centre (ACSC) issued the industry with a critical alert following a surge in malicious ransomware targeting Australian aged and health care organisations. This came after providers Anglicare Sydney and Regis Healthcare’s data was compromised by ransomware – the same variety of malware used in the attack on UnitingCare Queensland this week.

Ransomware is used by cybercriminals to deny an organisation access to their data and devices, demanding monetary compensation to regain control or risk the publication and/or loss of these assets.

In late November 2020, the Aged Care Royal Commission itself was targeted, with 59 of its documents involved in a cybersecurity incident. The ACSC has said that it is now evident from this string of malicious attacks that cybercriminals see the aged and health care industries as ‘lucrative targets’, especially vulnerable to ransomware. In its Critical Alert Update, the ACSC attributes this to the undeniably adverse repercussions that the loss of sensitive personal and medical information would have on aged and health care providers’ operations and patient care.

This most recent attack on UnitingCare Queensland must serve as a critical reminder for aged care providers to not let their guards down, and practice vigilance when it comes to their cybersecurity strategies. This is especially relevant as the Aged Care Royal Commission’s Final Report, released in March 2021, calls for the industry’s universal adoption of digital technology, improved data governance and a minimum data standard that allows for easier data sharing, integration and interoperability among providers and allied services. Aged Care Providers specifically should be preparing strategies to effectively manage more data than ever before in order to experience the benefits of digital transformation, including enhanced operational insight, effective decision making and compliance capability.

However, just as pen-and-paper record-keeping came with its own set of operational risks, so does the move to managing these processes digitally, namely and evidently, in the realm of cybersecurity. Providers should strive to build an effective Data Governance Framework in collaboration with a trusted and knowledgeable data solutions provider, supported by processes and best practice.

In addition to defending against external attackers, aged care providers should also look internally to ensure cybersecurity compliance. During a 6 month span in 2019, the health sector had the highest number of reportable breaches in comparison with other industries — 117 — with 43% of them being caused by human error. These instances are made up of the opening of malicious emails or allowing unauthorised access to sensitive personal data.

Adequately educating and supporting care staff and employees in the use, access, storage, disposal and protection of organisational data in the move to digital processes will be invaluable for preventing cyber-attacks and data breaches in the aged care industry. In addition to this, governance processes should include updating software with the most recent security patches, keeping updated with the latest ACSC advice, backing up data and having contingency plans to manage cyber incidents.

It is a transformative time in the aged care industry. These cyber-attacks remind us that providers must ensure that their data governance and cybersecurity frameworks are up to the exciting task of organisational digital evolution.


Please enter your comment!
Please enter your name here