UnitingCare Queensland (UCQ) , a provider of hospital and aged care services, was hit by cyber attack this week that prevented many of its services being accessible.
Principal Cybersecurity Strategist, VMware Security Business Unit, Rick McElroy, said, “The cyber attack across UnitingCare Queensland’s hospitals and aged care facilities highlights the vulnerability of Australia’s healthcare sector to cyberattacks. While the attack methods may vary, most cybercriminals are motivated by a financial incentive. Given the critical nature of data at healthcare organisations, they are often a prime target for attacks, as cybercriminals know patient care is on the line and organisations are more apt to pay.
A VMware Carbon Black report has found that 239.4 million attempted attacks on healthcare organisations in 2020, an average of 816 attempted attacks per endpoint. That is a staggering 9,851% increase from 2019.
We have observed cybercriminals seeking to obtain patient data, which they can later sell on the dark web for a profit and also disrupting operations as leverage as part of a ransomware attack. On the dark web, we have found everything from protected health information (PHI) to COVID-19 test results as well as opportunities to join ransomware affiliate groups, making it easily accessible to millions of cybercriminals who previously didn’t have the tools to carry out these attacks.
The Australian Cyber Security Centre (ACSC) recently released a cybersecurity report for health sector which found that ransomware is currently the most significant cybercrime threat to the Australian health sector.
Ransomware-as-a-service (RaaS) has risen in popularity providing cybercriminals with the necessary tools to carry out these types of attacks – this has created the opportunity for millions to easily target healthcare organisations. Compounding these risks is the adage of affiliate programs for ransomware groups, providing new and unique ways for malware operators to have others deploy their payloads for a cut of the eventual profits. We’re also seeing a lot of secondary extortion, in which cybercriminals look to profit twice from an attack, forcing organizations to not only pay to decrypt data but also prevent sensitive data from being sold or released publicly.
For healthcare organisations, understanding the evolving threat landscape is half the battle. There are three things to keep in mind to help stay one step ahead of attackers: next-generation antivirus (AV), endpoint protection and IT tracking tools. Endpoint protection platforms should incorporate defenses for each phase of ransomware attacks: the delivery, propagation, and encryption stages. It’s important for organisations to ensure they can easily provision access to new users while maintaining data privacy, compliance, and security practices.”
