The Meeting Place

Aged care residents ‘prime candidates for identity theft’ as operator battles cyber attack

The aged care sector is dealing with many challenges due to the pandemic and now high-profile operator Regis has been hit by an international cyber attack that has stolen sensitive personal data.

The $400 million operator told investors that an “overseas third party” was responsible for an attack on its operations resulting in data being copied from its servers and publicly released.

“The company is contacting parties whose personal data has been publicly released,” Regis said in a statement.

Nine reports that the data breach includes personal information relating to a small number of residents at Regis facilities and a staff member.

A file of documents seemingly related to the company's Burnside facility in Adelaide was posted to a public website last weekend.

The federal government's cyber security centre issued a “critical” warning on Sunday that ransomware known as Maze was threatening aged care facilities across the country, Nine reported.

“The ‘Maze’ ransomware is designed to lock or encrypt an organisation’s valuable information so that it can no longer be used and has been observed being used alongside other tools which steal important business information,” the centre said.

The cyber threat adds to the problems experienced by aged care operators fighting to contain coronavirus outbreaks.

Damien Manuel, director of the Cyber Security Research and Innovation Centre at Deakin University, said aged care residents were “prime candidates for identity theft”.

“Aged care will have details and personal information on file which would have value, including next-of-kin information,” he said.

 

3 comments

Just what aged care doesn't need at the moment.

Not only identity theft RnR but possessions theft. Many years ago Our dear friend's brother was in a Nursing Home. He loved watching his T.V. He was having an afternoon nap and when he awoke the T.V. was missing. He called out to the Nurse in Charge and asked about the T.V., she said 2 men came into the Home and said they were there to pick up a T.V. that was not working. It turns out these men actually stole a few T.V's from different patients. They were never caught. What a low act. 

I believe that such data thefts and ransom demands are easily prevented, just pull the plug on the internet connection. In days before computer interconnectivity such data was held on paper in a locked security cabinet or safe, these days it seems to be deemed necessary to hold sensitive data on computer files which are accessible to the internet, ie a virtual unlocked location. A Local Area Network (LAN) is still available, just do not connect to a Wide Area Network (WAN). As for ransomware, easily defeated by daily backup to an external hard drive, worst case scenario is the loss of one days data. 

3 comments