Security Market Segment LS
Wednesday, 06 November 2019 12:10

Monash IVF Group hacked, phishing emails sent to patients Featured

By
Monash IVF Group hacked, phishing emails sent to patients Pixabay

Fertility business Monash IVF Group has had its internal email servers hacked, but has not made any public announcement about it yet.

The company, which has connections to fertility clinics in New South Wales, Queensland, Victoria, Tasmania, South Australia and the Northern Territory, told the ABC that experts were working to determine the extent of the infirltration.

The hack appears to have come to light when patients received phishing emails from scammers and contacted the ABC to complain.

Monash IVF Group has no media contact listed on its website.

The ABC said Monash had contacted the Office of the Australian Information Commissioner about the breach. But the OAIC has made no public statement about it either.

The company's chief executive, Michael Knaap, claimed to the ABC that the patient database had not been touched.

But he said nothing about how patients had been sent emails by the scammer or scammers.

Knaap also claimed that the lack of definite information at this stage was because of the "the extremely complicated nature of these incidents".

But it was not pointed out to him that similar incidents happen all over the world every day and companies do react much faster in informing the public about them.

Commenting on the incident, Rob Dooley, country manager of data security firm Carbon Black A/NZ, said: "The breach on Monash IVF Group’s internal email servers only serves to highlight the vulnerability of Australia’s healthcare sector to cyber attacks. This sector has seen increased attacks over the course of the year from ransomware attacks on Barwon Health to the Melbourne Heart Group.

"Poor and inadequate security controls, outdated technology and the high quality of healthcare patient data are just some of the reasons why healthcare organisations have been hit so hard by security breaches.

"According to Carbon Black’s second Australian Threat Report, phishing attacks were the prime cause of these breaches according to 27% of Australian respondents who have had a cyber attack on their company, with phishing attacks having more than doubled in the last six months. Furthermore, 89% of Australian organisations reported that cyber attacks have grown more sophisticated.

"These results point to a need for Australia’s healthcare sector to adopt a comprehensive approach to cyber security, one that incorporates prediction, prevention, detection, and response to attempted attacks. Healthcare organisations need to make endpoint protection a top priority and be more pro-active about managing cyber risks so as to combat this crimewave.”

Mark Sinclair, ANZ regional director of WatchGuard Technologies, said: "This is an example of another security breach in the healthcare industry and backs up the data from the August OAIC Notifiable Data Breach Report that puts healthcare at the top of the industry list for reportable data breaches in Australia.

"The healthcare industry remains a top target for cyber criminals and companies need to be especially vigilant."

"It is a reminder of the value of personal data to criminals. A person’s name and email address may seem fairly innocuous on their own, but when coupled with a company, or in this case a specific form of medical treatment, it becomes a powerful weapon for those seeking to scam people online."

Alex Woerndle, principal adviser, Cyber Security – Risk & Governance at technology research and advisory firm Ecosystm, said: “Phishing, although not in the media as often as in the past, is still one of the most common sources of cyber-attacks.

"Situations like this often highlight a lack of readiness to deal with an incident. However, the response is equally as important as the incident itself. Ecosystm’s ongoing cyber security study shows that while 93% of Australian organisations have a breach notification process in place, only 28% continue to evolve the process.

"A strong and evolving communications strategy - both internally and externally - is crucial. Otherwise the media attention that arises from the breach gains its own steam and potentially makes the situation even worse for all concerned.”

Read 7680 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

SONICWALL 2022 CYBER THREAT REPORT

The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Ransomware
Cryptojacking
Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.

GET REPORT!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments