Australian community services organisation UnitingCare experienced a cyberattack on Sunday, reportedly affecting at least two hospitals in its vast network in Queensland.
The Wesley and St Andrews hospitals reportedly issued text messages to visiting medical staff advising them about the cybersecurity incident, The Courier Mail reported.
In a statement provided to The Epoch Times, a UnitingCare Queensland (UCQ) spokesperson said the cyber incident affected the organisation’s Digital and Technology systems, which are currently inaccessible.
“As soon as we became aware of the incident, we engaged the support of lead external technical and forensic advisors,” the statement read.
UCQ referred to the Australian Cyber Security Centre (ACSC), which did not immediately respond to a request for comment.
“Where necessary, manual back-up processes are now in place to ensure continuity of most services. Where manual processes cannot be implemented, services are being redirected or rescheduled accordingly.
“Due to the recency of the incident, it is not possible to provide a resolution timeframe at this stage, however, our Digital and Technology team are working to resolve this issue as swiftly as possible,” the statement read.
“We are committed to keeping our people, patients, clients and residents informed and safe as we work to resolve this incident and will provide further relevant updates as new information comes to hand.”
Premier Annastacia Palaszczuk said the cyberattack was “very concerning.”
Rick McElroy, principal cybersecurity strategist, VMware Security Business Unit told The Epoch Times there are two main reasons health care providers are targetted for cyberattacks.
“First, the rapid adoption of new technology alongside a long legacy list of technology creates a huge attack surface,” he said. “Secondarily, the sense of urgency when human lives are involved generally create a greater sense of urgency than in other verticals, thus allowing for a higher infection to payout rate for cybercriminals.”
McElroy said these attacks are fueled by the Dark Web where cybercriminals provide Ransomware-as-a-service and phishing-as-a-service for hire.
“It actually doesn’t take any technical knowledge to launch these attacks today,” he said. “You can simply pay a service via cryptocurrency and scale with as much initial investment as you want. This is a huge economy.”
The cybersecurity expert said that the internet has been weaponised and organisations, like UnitingCare, are left on their own to defend against an ever-rising level of sophistication from attackers.
Between July 2019 and June 2020, the ASCS received one cybersecurity report every 10 minutes—or 164 each day—with some taking weeks or months to resolve.
In September last year, the ACSC published a cyber threat report that revealed cyber threats were getting worse as more home devices relied on internet connections, such as fridges, home assistants, and baby monitors.
“Malicious cyber activity against Australia’s national and economic interests is increasing in frequency, scale, and sophistication,” the ACSC Annual Cyber Threat Report stated.
Australia’s cyber adversaries are becoming more adept as the country increasingly relies on new IT platforms and interconnected devices and systems.
“Cybercrime is one of the most pervasive threats facing Australia, and the most significant threat in terms of overall volume and impact to individuals and businesses,” the ACSC report stated.
McElroy said there is a “cyber arms race” going on. “Because governments have not formally agreed to the definition of cyber war, it is hard to definitively say there is a war going on,” he said.
“But if it looks like a duck, walks like a duck and quacks like a duck, it probably is a duck.”