[BreachExchange] UnitingCare Queensland security incident takes some systems offline

Thu Apr 29 10:33:46 EDT 2021

https://www.zdnet.com/article/unitingcare-queensland-security-incident-takes-some-systems-offline/

UnitingCare Queensland has confirmed it has fallen victim to a cyber
incident, rendering some of its systems inaccessible.

The organisation, which provides aged care, disability supports, health
care, and crisis response services throughout the state, said the incident
occurred on Sunday 25 April 2021.

"As a result of this incident, some of the organisation's digital and
technology systems are currently inaccessible," it said in a statement.

"As soon as we became aware of the incident, we engaged the support of lead
external technical and forensic advisors."

UnitingCare also notified the Australian Cyber Security Centre (ACSC) of
the incident and said it was continuing to work with them to investigate
the incident.

It said where necessary, manual back-up processes are in place to ensure
continuity of most of UnitingCare's services.

"Where manual processes cannot be implemented, services are being
redirected or rescheduled accordingly," it added.

The organisation said that given the incident only occurred this week, it
isn't currently possible to provide a resolution timeframe. It said,
however, its digital and technology team are working to resolve things as
swiftly as possible.

"We are committed to keeping our people, patients, clients, and residents
informed and safe as we work to resolve this incident, and will provide
further relevant updates as new information comes to hand," the statement
continued.

Last year, the ACSC issued an alert to aged care and healthcare providers,
notifying them of recent ransomware campaigns targeting the sector.

"Cybercriminals view the aged care and healthcare sectors as lucrative
targets for ransomware attacks," the ACSC wrote. "This is because of the
sensitive personal and medical information they hold, and how critical this
information is to maintaining operations and patient care. A significant
ransomware attack against a hospital or aged care facility would have a
major impact."

Last month, a "cyber incident" suffered by Eastern Health facilities in
Victoria resulted in the cancellation of some surgeries across the state.

Eastern Health operates the Angliss, Box Hill, Healesville, and Maroondah
hospitals, and has many more facilities under management.

At the time, Eastern Health took many of its systems offline as a
precaution response to the incident. By April 15, it reported the majority
of its IT systems were restored.

Swinburne University of Technology in early April also confirmed personal
information on staff, students, and external parties had inadvertently made
its way into the wild; and Transport for New South Wales (TfNSW) confirmed
in February it was impacted by a cyber attack on a file transfer system
owned by Accellion.

Need to disclose a breach? Read this: Notifiable Data Breaches scheme:
Getting ready to disclose a data breach in Australia

TELEHEALTH GETS BUDGET BOOST
Elsewhere in the health sector, the Australian government on Monday
confirmed telehealth services put in place as a response to COVID-19 would
continue for another six months.

As part of the 2021-22 Budget, the government said it would be investing
more than AU$114 million to extend telehealth until the end of the year.

The extension of telehealth includes services for general practitioners,
medical practitioners, specialists, consultant physicians, nurse
practitioners, participating midwives, allied health providers, and dental
practitioners.

"The extension will ensure that Australians can continue to see their GP,
renew scripts, and seek mental health support from the safety of their own
home," Health Minister Greg Hunt said. "This allows vulnerable Australians
to feel protected and supported during these unprecedented times."

>From 13 March 2020 to 21 April 2021, Hunt said over 56 million COVID-19
Medicare Benefits Scheme telehealth services have been delivered to 13.6
million patients, with AU$2.9 billion in Medicare benefits paid. More than
83,540 providers have used telehealth services.

Although content with the extension, Labor has asked for further permanency.

"Greg Hunt said last November that telehealth will become a permanent
feature of our Medicare system yet all he does is on a six month by six
month basis is extend the uncertainty," Shadow Minister for Health Mark
Butler said.

"It is time for the government finally to make a decision about what the
permanent telehealth arrangements are going to be for Medicare."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210429/e31a4c38/attachment.html>