New Report Warns Australian Plastic Surgery and Dental Clinics Are Top Targets for Ransomware Attacks

A new report warns that Australian plastic surgery clinics, dentists, and aged care facilities are becoming a prime target among foreign ransomware gangs as they seek big paydays and our most private information.

The warning was issued in a report from security firm CyberCX; the same report also revealed that ransomware attacks against Australian and New Zealand targets had more than doubled this year, and healthcare firms associated with the rollout of Covid-19 vaccine were more likely to be attacked by both criminals and foreign spies.

The report details a series of dangerous attacks against Australian medical facilities this year which have shut down or stolen data from two hospital groups, two aged care providers, Tasmania’s ambulance service, a vaccine research agency, and a medicinal cannabis firm.

Intelligence director of CyberCX Katherine Mansted said criminal groups were increasingly attempting to “exploit the pandemic for their own needs” and target essential health services that could not afford to go down for the shortest amount of time.

“Hospitals and aged care facilities need to be providing frontline care so when a cybercriminal knocks them offline they’re increasing the chances that victim will pay a ransom,” she said.

“Their strategy is to cause harm to achieve a payday.”

As attacks against hospitals get focus from law enforcement agencies, Ms Mansted said, criminal gangs are going after new targets within the health industry to go under the radar.

“We’re seeing them pivot into still lucrative but less high-profile targets like elective surgery practices, aged care facilities, dentistry and plastic surgery clinics,” she warned.

Cosmetique chief executive Dr Vivek Eranki, who runs 13 cosmetic surgery clinics across four states, said the forecast was disturbing because many businesses within the industry did not take computer security seriously.

Dr Eranki’s business employs all the standard security measures like encrypted communications, two-factor logins for staff, a mechanism to prevent theft and so on. Dr Eranki said doctors should seek the services of a security professional to set up a secure system, and to train their staff.

Ms Mansted said the government needed to take more action to prosecute criminals, prevent attacks and to “make Australia less of a soft target”.

“There needs to be a concerted effort from the Australian government to disrupt the business model of cyber criminals because, ultimately, they perceive Australia and our healthcare sector to be a permissive environment,” she said.

Here are a few steps you can take to avoid a ransomware attack:

  • Apply software updates as soon as they are available
    • Use multi-factor authentication to secure accounts; do not use just a password
    • Keep up-to-date backups of all important information
    • Carefully inspect email links and attachments before clicking on them
    • Only download software from known, trusted sources

Do you need help securing your business? Contact us today.