Security Market Segment LS
Tuesday, 12 October 2021 10:16

Macquarie Health says Windows Hive ransomware attack still having an effect Featured

Macquarie Health says Windows Hive ransomware attack still having an effect Image by valelopardo from Pixabay

Macquarie Health Corporation says it is still experiencing "significant impacts" from the ransomware attack that it made public on Thursday last week, though the organisation characterised it as a "cyber incident".

In response to a query from iTWire, a spokesman said on Tuesday: "Fortunately, our recovery process is progressing and our ability to deliver care to our patients and support our clinicians has not been compromised."

The breach was staged by a ransomware gang known as Hive that only attacks systems running Microsoft's Windows operating system.

In a fresh advisory, MHC added: "Thank you to our staff for their hard work continuing to deliver patient-centred care with many of our systems remaining off-line.

"We apologise for any inconvenience this disruption may cause and thank our staff, patients, and clinicians for their patience during this situation."

The Hive gang, which claims to have encrypted the MHC files on 25 September, has not said anything on its website to indicate whether it has approached MHC to negotiate a ransom.

Hive has been described as a double-extortion ransomware group — "making their money off of a two-pronged attack: exfiltrating sensitive data before locking up the victims’ systems" — that first made its presence known in June this year.

aparna sundararajan adaptJim Walter and Juan Andres Guerrero-Saade of security shop SentinelLabs said in a blog post about Hive in August: "The group is notable in its undiscerning choice of targets, having no limits when it comes to healthcare providers and hospitals, as evidenced in a recent attack on Memorial Health System hospitals in Ohio.

"Hive ransomware is written in Go to take advantage of the language’s concurrency features to encrypt files faster. Hive remains active with as many as 30 victim companies listed on its Hive Leaks onion site at the time of writing."

Macquarie Health has 12 hospitals which provide surgical procedures, rehabilitation and mental health clinics, skin imaging and dermascopy, medical systems; cosmetic procedures, e-health informatics and data solutions.

The units under its banner are Macquarie Hospital Services, MacRehab, Macquarie Medical Systems, Derma Medical and Machealth eSolutions.

Commenting on the incident, Aparna Sundararajan, [above, right] senior research strategist at specialist research and advisory firm ADAPT, said: "This breach is a reminder that regardless of sector, all organisations are vulnerable to serious security breaches, and will find themselves under attack at some point.

"Ransomware has been the number one cyber security concern for Australian digital leaders over the past few years, and we expect to see threats grow in number and sophistication as criminals target healthcare organisations, often seen as a treasure trove of high-value personal information.

"With healthcare deemed 'Critical Infrastructure' by the Federal Government, we can expect to see tighter cyber security regulation in the future. This will give organisations an even greater imperative to minimise the risk of these attacks.

"To reduce the threat posed by ransomware, security leaders should focus on identifying the most strategic data assets, define an isolation strategy, and adopt measures that offer quick recovery without interrupting normal operations. We have the technology to do so, but it's the security culture at the top that needs prioritising right now.

"We need an open dialogue between organisational leaders and their security teams to build an adequately-funded cyber resilience strategy. Security is everybody's business, and that mindset will help a lot more than holding a small group of people responsible for it all."

Ransomware researcher Brett Callow, who works for the New Zealand-headquartered security shop Emsisoft, told iTWire that ransomware attacks on healthcare providers were insidious.

"They have the potential to impact patient care, possibly resulting in the loss of life. And that's especially true during a pandemic," he added, referring to an article about this on the US site, The Verge.

Read 1099 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.

Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News