Aged care residents ‘prime candidates for identity theft’ as operator battles cyber attack
The aged care sector is dealing with many challenges due to the pandemic and now high-profile operator Regis has been hit by an international cyber attack that has stolen sensitive personal data.
The $400 million operator told investors that an “overseas third party” was responsible for an attack on its operations resulting in data being copied from its servers and publicly released.
“The company is contacting parties whose personal data has been publicly released,” Regis said in a statement.
Nine reports that the data breach includes personal information relating to a small number of residents at Regis facilities and a staff member.
A file of documents seemingly related to the company's Burnside facility in Adelaide was posted to a public website last weekend.
The federal government's cyber security centre issued a “critical” warning on Sunday that ransomware known as Maze was threatening aged care facilities across the country, Nine reported.
“The ‘Maze’ ransomware is designed to lock or encrypt an organisation’s valuable information so that it can no longer be used and has been observed being used alongside other tools which steal important business information,” the centre said.
The cyber threat adds to the problems experienced by aged care operators fighting to contain coronavirus outbreaks.
Damien Manuel, director of the Cyber Security Research and Innovation Centre at Deakin University, said aged care residents were “prime candidates for identity theft”.
“Aged care will have details and personal information on file which would have value, including next-of-kin information,” he said.