Aged care operator's sensitive data stolen in foreign cyber attack
ASX-listed aged care operator Regis has been hit by an international cyber attack that has led to the release of sensitive personal data, adding to the woes of the company which is battling a coronavirus outbreak at one of its Melbourne centres.
The $400 million operator told investors on Monday morning an "overseas third party" was responsible for an attack on its operations resulting in data being copied from its servers and publicly released. The incident has not disrupted its services, the company said.
Regis Aged Care has been battling coronavirus outbreaks. Credit:Nine News / Twitter
"The company is contacting parties whose personal data has been publicly released," Regis said in a statement.
The company's share price fell close to 2 per cent to $1.30 at the opening of trading on Monday, pushing the stock down 11 per cent over the past month.
It's understood the data breach includes personal information relating to a small number of residents at Regis facilities and a staff member.
A file of documents apparently relating to the company's Burnside facility in Adelaide was posted to a public website over the weekend.
Regis Healthcare management has been contacted on the nature of the personal data that has been stolen.
The federal Australian government's cyber security centre issued a "critical" warning on Sunday that ransomware known as Maze is threatening aged care facilities across the country.
"The ‘Maze’ ransomware is designed to lock or encrypt an organisation’s valuable information so that it can no longer be used and has been observed being used alongside other tools which steal important business information," the centre said in an update on Sunday.
"We recommend you do not pay the ransom if affected by the Maze ransomware. There is no guarantee paying the ransom will fix your devices and it could make you vulnerable to further attacks.
The cyber threat adds to the problems of operators within the industry that are fighting to contain coronavirus outbreaks in Victoria.
Regis has an outbreak at its Brighton facility in Melbourne where 19 residents and 23 staff have tested positive to the virus as of last Friday. Three residents from the facility have died.
Regis chief executive Linda Mellors said the business was working with expert IT and security advisers over the cyber security incident.
No other listed aged care operators have reported concerns about ransomware attacks.
Anxieties about cyber security in health care have risen since the COVID-19 pandemic, with concerns that everyone from vaccine researchers to hospitals and universities are vulnerable to data compromises.
The Australian Cyber Security Centre said aged care facilities were an attractive target because of the sensitive medical information held about patients. "A significant ransomware attack against a hospital or aged care facility would have a major impact," its team said on Sunday.