The company has not apparently agreed to pay the ransom demanded by the attackers because they have put up data stolen during the incident on the Maze website on the dark Web.
Of itself, Regis says it was established nearly 30 years ago, and provides services to more than 7000 older Australians through 65 residential aged care homes, six home care services, five day therapy centres and six retirement villages.
In its note to the ASX, Regis said it had been targeted by a foreign actor. "The company promptly implemented its back-up and business continuity systems and the incident did not affect delivery of resident care or services. The incident is not materially impacting Regis Healthcare’s day-to-day operations," the note, issued in the name of chief financial officer Rick Rostolis, said.
A screenshot of a portion of the data posted on the Maze website on the dark web.
"The company has also reported the incident to the Office of the Australian Information Commissioner, the Australian Cyber Security Centre and other regulatory bodies."
“Our priority is maintaining safe and reliable operations while ensuring the security of personal information of our residents, clients, and employees. To this end, we are working with expert IT and security advisors to continue to investigate and deal with this incident,” said managing director and chief executive Dr Linda Mellors.
The company has its national office in the Melbourne suburb of Dandenong.
Maze has been used widely by a number of criminal groups and was used to attack the global technology firm Pitney Bowes.
Other attacks of note have been on the Texas foundry group X-FAB, a Thailand power authority, the Belgian accounting firm HLB, the global defence group ST Engineering, the Sydney strata management company Strata Plus, well-known Indian sweets manufacturer Halidram's, and technology consulting company Cognizant.
Commenting on the incident, Jacqueline Jayne, security awareness advocate at social engineering training firm KnowBe4, said: “Aged care facilities are a very attractive target for cyber criminals due to the nature of the information they hold on their patients - information that once obtained can be used for identity theft and sold multiple times on the dark Web.
"This is not only health-related data as the addition of personally identifiable information is also there for the taking. Once illegal access has been obtained into an aged care facility, there is also information available for employees, vendors, general business information which provides even more reason for cyber criminals to target this sector.
"When you consider the completeness of information available on an individual, it is clear as to why it is so popular to cyber attacks as the dollar value of the data increases significantly.
"The recently released Notifiable Data Breaches report from the OAIC lists health service providers as the top industry sectors to report breaches from January to June this year with 115 notifications.
"Ransomware enters a computer as a result of a cyber criminal entrapping or manipulating a human into taking action. This action could be clicking on a link or opening an attachment in a phishing email, or by clicking on a link outside of their email that opened a malicious website. From there, the cyber criminals deploy their ransomware.”