From: Department of Health <[email protected]> Sent: Sunday, 2 August 2020 4:31 PM > URGENT WARNING OF POTENTIAL RANSOMWARE ATTACKS ON AGED CARE PROVIDERS > A major aged care provider has recently suffered a ransomware attack with a partially successful attempt to encrypt and steal confidential data in order to seek ransom payment. ...
[ The data privacy aspects pale into insignificance in comparison with the denial of access to critical health care data. [ Unfortunately, the standards of data security in organisations of all sizes remains disastrously low. We've long bleated about governments' falure to set baselines and enforce them, e.g.: http://www.rogerclarke.com/EC/SSACS.html#SS http://www.xamax.com.au/EC/ISInfo.pdf http://www.rogerclarke.com/EC/PBAR.html#PB [ But the situation now is no better than it was a decade ago. [ This morning's news of a successful ransom hit underlines the issues: Travel giant CWT pays $6.3m ransom to cyber criminals Jack Stubbs itNews Aug 1 2020 ... The hackers initially demanded a payment of US$10 million to restore CWT's files and delete all the stolen data, according to the messages reviewed by Reuters. ... [ The claim of 'stolen data' remains murky, and likely a red herring. It appears that CWT had failed to establish suitable backup and recovery procuders with a secure and sufficiently up-to-date copy of all relevant data and software, and hence its operations were severely compromised once it was locked out of the live versions of its databases. ] __________ From: Department of Health <[email protected]> Sent: Sunday, 2 August 2020 4:31 PM > URGENT WARNING OF POTENTIAL RANSOMWARE ATTACKS ON AGED CARE PROVIDERS > A major aged care provider has recently suffered a ransomware attack with a > partially successful attempt to encrypt and steal confidential data in order > to seek ransom payment. > The provider has proactively responded and secured their data, but its > possible some data has been published. > Today the Australian Cyber Security Centre (ACSC) has produced a new advisory > to assist you and your organisations. > Please read this > advisory<https://health.us10.list-manage.com/track/click?u=1108de8332cef333bc1956686&id=160c9582f0&e=deb2803d20> > and note the following key recommendations from the ACSC: > Never pay a ransom demand > We recommend you do not pay the ransom if affected by Maze ransomware. There > is no guarantee paying the ransom will fix your devices, and it could make > you vulnerable to further attacks. Restore your files from > backup<https://health.us10.list-manage.com/track/click?u=1108de8332cef333bc1956686&id=59a05712aa&e=deb2803d20> > and seek technical advice. > > Identify and backup critical information and systems > Backing up and > restoring<https://health.us10.list-manage.com/track/click?u=1108de8332cef333bc1956686&id=50d5cdec70&e=deb2803d20> > your files offers peace of mind and makes it faster and easier to get up and > running again following a ransomware attack. > > Keep your systems and software up to date through regular patching > All your personal or business devices including your phone, tablet, computer > or laptop use software to run, such as operating systems like Microsoft > Windows or Apple MacOS; and antivirus, web browsers or word processors at > work. These require regular patching to keep them up to date so that new > vulnerabilities are addressed. > > Use antivirus software and keep it up to date > Install antivirus software on all devices and set the software to > automatically check for > updates<https://health.us10.list-manage.com/track/click?u=1108de8332cef333bc1956686&id=a1bb6fd2c1&e=deb2803d20> > on a daily basis. > You can access this advice as well as broader advice on how to improve your > cyber resilience at > cyber.gov.au<https://health.us10.list-manage.com/track/click?u=1108de8332cef333bc1956686&id=28053164bb&e=deb2803d20>. > Department of Health > > Copyright © 2020 Advice to the Aged Care Industry, All rights reserved. -- Roger Clarke mailto:[email protected] T: +61 2 6288 6916 http://www.xamax.com.au http://www.rogerclarke.com Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Visiting Professor in the Faculty of Law University of N.S.W. Visiting Professor in Computer Science Australian National University _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
