iTWire understands the "cyber incident" is a ransomware attack, in this case by a group known as Hive or HiveLeaks that attacks systems running Microsoft's Windows operating system.
Researchers from infosec firm SentinelLabs describe Hive as a double-extortion ransomware group — "making their money off of a two-pronged attack: exfiltrating sensitive data before locking up the victims’ systems" — that first made its presence known in June this year.
Jim Walter and Juan Andres Guerrero-Saade said in a blog post about Hive in August: "The group is notable in its undiscerning choice of targets, having no limits when it comes to healthcare providers and hospitals, as evidenced in a recent attack on Memorial Health System hospitals in Ohio."
PSA: If you are dealing with a Hive ransomware incident and some of the affected servers are ESXi servers, ensure that these servers are not rebooted. These dumbos create some of the key files required to decrypt the data in non-persistent locations. Reboot = all data gone. — Fabian Wosar (@fwosar) October 7, 2021
And they added: "While many active ransomware groups have committed to forgoing attacks on medical targets in deference to the current global situation, Hive is not one of them.
"On 15 August, news broke of a Hive campaign against Memorial Health System, an Ohio healthcare provider. As a result, the hospital was forced to advise some patients to seek treatment at separate facilities."
On their website on the dark web, the attackers claimed to have pilfered 225GB of data from Macquarie Health Corporation during the attack.
The ransomware used in this attack, Hive, is a PITA. For example, the decryptor spends >30 minutes initializing on EVERY system. So, if a company has 100 encrypted systems, >50 hrs will be wasted just on initializations. https://t.co/bBtkC2vfiW — Brett Callow (@BrettCallow) August 16, 2021
The attackers claimed the exfiltrated data included medical records, research and personal data of 6717 people, financial documents, bank balances and tax deductions among others.
In a statement, dated Thursday, Macquarie Health Corporation said: "The incident has not impacted our ability to deliver patient care. As always, we remain committed to the ongoing delivery of clinical services to our patients.
"We apologise for any inconvenience this disruption may cause and thank our staff, patients, and clinicians for their patience during this situation. We will keep you informed through further updates."
Macquarie Health was set up in 1973 by Dr Thomas Wenkart in Sydney, according to information on the company's website.
It has 12 hospitals which provide surgical procedures, rehabilitation and mental health clinics, skin imaging and dermascopy, medical systems, cosmetic procedures, e-health informatics and data solutions.
The companies under its banner are Macquarie Hospital Services, MacRehab, Macquarie Medical Systems, Derma Medical and Machealth eSolutions.
Contacted for comment, Brett Callow, a seasoned ransomware threat researcher from the New Zealand-headquartered security shop Emsisoft, said: "Hive's victims include multiple public sector organisations, including organisations in the healthcare and education sectors.
"It's also a particularly problematic ransomware from a recovery perspective. Hive has an absurd crypto scheme that makes restoration even more time-consuming than usual, with sloppy coding making data loss a real possibility."