Macquarie Health Corporation has announced that it has suffered what it describes as a “cyber incident” that has led it to take its IT systems offline “as a precaution”.
iTWire understands the “cyber incident” is a ransomware attack, in this case by a group known as Hive or HiveLeaks that attacks systems running Microsoft’s Windows operating system.
Researchers from infosec firm SentinelLabs describe Hive as a double-extortion ransomware group — “making their money off of a two-pronged attack: exfiltrating sensitive data before locking up the victims’ systems” — that first made its presence known in June this year.
Jim Walter and Juan Andres Guerrero-Saade said in a blog post about Hive in August: “The group is notable in its undiscerning choice of targets, having no limits when it comes to healthcare providers and hospitals, as evidenced in a recent attack on Memorial Health System hospitals in Ohio.
“Hive ransomware is written in Go to take advantage of the language’s concurrency features to encrypt files faster. Hive remains active with as many as 30 victim companies listed on its Hive Leaks onion site at the time of writing.”
PSA: If you are dealing with a Hive ransomware incident and some of the affected servers are ESXi servers, ensure that these servers are not rebooted. These dumbos create some of the key files required to decrypt the data in non-persistent locations. Reboot = all data gone.
— Fabian Wosar (@fwosar) October 7, 2021
The SentinelLabs researchers added: “While many active ransomware groups have committed to forgoing attacks on medical targets in deference to the current global situation, Hive is not one of them.
“On 15 August, news broke of a Hive campaign against Memorial Health System, an Ohio healthcare provider. As a result, the hospital was forced to advise some patients to seek treatment at separate facilities.”
On their website on the dark web, the attackers claimed to have pilfered 225GB of data from Macquarie Health Corporation during the attack.
The ransomware used in this attack, Hive, is a PITA. For example, the decryptor spends >30 minutes initializing on EVERY system. So, if a company has 100 encrypted systems, >50 hrs will be wasted just on initializations. https://t.co/bBtkC2vfiW
— Brett Callow (@BrettCallow) August 16, 2021
The attackers claimed the exfiltrated data included medical records, research and personal data of 6717 people, financial documents, bank balances and tax deductions among others.
In a statement, dated Thursday, Macquarie Health Corporation said: “The incident has not impacted our ability to deliver patient care. As always, we remain committed to the ongoing delivery of clinical services to our patients.
“We apologise for any inconvenience this disruption may cause and thank our staff, patients, and clinicians for their patience during this situation. We will keep you informed through further updates.”
Macquarie Health was set up in 1973 by Dr Thomas Wenkart in Sydney, according to information at the company’s website.
It has 12 hospitals which provide surgical procedures, rehabilitation and mental health clinics, skin imaging and dermascopy, medical systems, cosmetic procedures, e-health informatics and data solutions.
The companies under its banner are Macquarie Hospital Services, MacRehab, Macquarie Medical Systems, Derma Medical and Machealth eSolutions.
Contacted for comment, Brett Callow, a seasoned ransomware threat researcher from the New Zealand-headquartered security shop Emsisoft, said: “Hive’s victims include multiple public sector organisations, including organisations in the healthcare and education sectors.
“It’s also a particularly problematic ransomware from a recovery perspective. Hive has an absurd crypto scheme that makes restoration even more time-consuming than usual, with sloppy coding making data loss a real possibility.”