Australian NCSC coordinates response to major health information ransomware breach


The Australian National Cyber Security Coordinator (NCSC) revealed that a commercial health information organization had reported being the target of a significant ransomware data breach incident.

“I am working with agencies across the Australian Government, states and territories to coordinate a whole-of-government response to this incident,” Michelle McGuinness, Australian NCSC, wrote in a Thursday LinkedIn post. “The Australian Signals Directorate Australian Cyber Security Centre is aware of the incident and the Australian Federal Police is investigating.”

The Coordinator added, “We are in the very preliminary stages of our response and there is limited detail to share at this stage, but I will continue to provide updates as we progress while working closely with the affected commercial organisation to address the impacts caused by the incident.”

Commenting on the incident, Clare O’Neil, Australia’s Minister for Home Affairs and Minister for Cyber Security, wrote in a LinkedIn post that she had been briefed on this incident in recent days and the government convened a National Coordination Mechanism regarding this matter today.

“The National Cyber Coordinator, Michelle McGuinness, is leading work across the Australian Government to support the company in managing this large-scale ransomware incident,” O’Neil noted.

She mentioned that updates will be provided in due course while adding that speculation at this stage risks undermining significant work underway to support the company’s response.

The disclosure of the ransomware data breach incident at an Australian commercial health information organization comes as Washington D.C.-based Ascension Healthcare continues to make progress towards restoration and recovery following the recent ransomware attack. 

“We continue to work with industry-leading forensic experts from Mandiant to conduct our investigation into this attack and understand the root cause and how this incident occurred,” Ascension said in its Wednesday statement. “In parallel, we have brought in additional cybersecurity experts from Palo Alto Networks Unit 42 and from CYPFER to help supplement our rebuild and restoration efforts. We are focused on getting systems back up and running as safely and as quickly as possible. We are also working on reconnecting with our vendors with the help of our recovery experts. Please be aware that it may still take some time to return to normal operations.” 

Last week, researchers at Forescout’s Vedere Labs revealed that a new prominent threat actor, named ‘RansomHub,’ has surfaced in the aftermath of the Change Healthcare cyber attack and ransomware incident. This group, considered new in the threat landscape, has been targeting additional victims following the significant ransomware and data breach attack in February.

The cyber attack by ALPHV on Change Healthcare stands out as one of the most significant in history. Change Healthcare, a major health payment processing company and a subsidiary of United Healthcare, processes a staggering 15 billion medical claims annually, representing close to 40% of all claims. This attack has had profound consequences for both the organization and its clientele, shedding light on the ransomware landscape with its far-reaching implications.

The researchers also pointed out that RansomHub is recruiting former ALPHV affiliates after that group’s ‘exit scam’.
