UnitingCare Queensland security incident takes some systems offline

Sunday's cybersecurity incident has left some of UnitingCare Queensland's systems inaccessible, it said.
Written by Asha Barbaschow, Contributor

UnitingCare Queensland has confirmed it has fallen victim to a cyber incident, rendering some of its systems inaccessible.

The organisation, which provides aged care, disability supports, health care, and crisis response services throughout the state, said the incident occurred on Sunday 25 April 2021.

"As a result of this incident, some of the organisation's digital and technology systems are currently inaccessible," it said in a statement.

"As soon as we became aware of the incident, we engaged the support of lead external technical and forensic advisors."

UnitingCare also notified the Australian Cyber Security Centre (ACSC) of the incident and said it was continuing to work with them to investigate the incident.

It said where necessary, manual back-up processes are in place to ensure continuity of most of UnitingCare's services.

"Where manual processes cannot be implemented, services are being redirected or rescheduled accordingly," it added.

The organisation said that given the incident only occurred this week, it isn't currently possible to provide a resolution timeframe. It said, however, its digital and technology team are working to resolve things as swiftly as possible.

"We are committed to keeping our people, patients, clients, and residents informed and safe as we work to resolve this incident, and will provide further relevant updates as new information comes to hand," the statement continued.

Last year, the ACSC issued an alert to aged care and healthcare providers, notifying them of recent ransomware campaigns targeting the sector.

"Cybercriminals view the aged care and healthcare sectors as lucrative targets for ransomware attacks," the ACSC wrote. "This is because of the sensitive personal and medical information they hold, and how critical this information is to maintaining operations and patient care. A significant ransomware attack against a hospital or aged care facility would have a major impact."

Last month, a "cyber incident" suffered by Eastern Health facilities in Victoria resulted in the cancellation of some surgeries across the state.

Eastern Health operates the Angliss, Box Hill, Healesville, and Maroondah hospitals, and has many more facilities under management.

At the time, Eastern Health took many of its systems offline as a precaution response to the incident. By April 15, it reported the majority of its IT systems were restored.

Swinburne University of Technology in early April also confirmed personal information on staff, students, and external parties had inadvertently made its way into the wild; and Transport for New South Wales (TfNSW) confirmed in February it was impacted by a cyber attack on a file transfer system owned by Accellion.  

Need to disclose a breach? Read this: Notifiable Data Breaches scheme: Getting ready to disclose a data breach in Australia


Elsewhere in the health sector, the Australian government on Monday confirmed telehealth services put in place as a response to COVID-19 would continue for another six months.

As part of the 2021-22 Budget, the government said it would be investing more than AU$114 million to extend telehealth until the end of the year. 

The extension of telehealth includes services for general practitioners, medical practitioners, specialists, consultant physicians, nurse practitioners, participating midwives, allied health providers, and dental practitioners.

"The extension will ensure that Australians can continue to see their GP, renew scripts, and seek mental health support from the safety of their own home," Health Minister Greg Hunt said. "This allows vulnerable Australians to feel protected and supported during these unprecedented times."

From 13 March 2020 to 21 April 2021, Hunt said over 56 million COVID-19 Medicare Benefits Scheme telehealth services have been delivered to 13.6 million patients, with AU$2.9 billion in Medicare benefits paid. More than 83,540 providers have used telehealth services.

Although content with the extension, Labor has asked for further permanency.

"Greg Hunt said last November that telehealth will become a permanent feature of our Medicare system yet all he does is on a six month by six month basis is extend the uncertainty," Shadow Minister for Health Mark Butler said.

"It is time for the government finally to make a decision about what the permanent telehealth arrangements are going to be for Medicare."


Editorial standards