Security Market Segment LS
Wednesday, 06 November 2019 12:10

Monash IVF Group hacked, phishing emails sent to patients Featured

By
Monash IVF Group hacked, phishing emails sent to patients Pixabay

Fertility business Monash IVF Group has had its internal email servers hacked, but has not made any public announcement about it yet.

The company, which has connections to fertility clinics in New South Wales, Queensland, Victoria, Tasmania, South Australia and the Northern Territory, told the ABC that experts were working to determine the extent of the infirltration.

The hack appears to have come to light when patients received phishing emails from scammers and contacted the ABC to complain.

Monash IVF Group has no media contact listed on its website.

The ABC said Monash had contacted the Office of the Australian Information Commissioner about the breach. But the OAIC has made no public statement about it either.

The company's chief executive, Michael Knaap, claimed to the ABC that the patient database had not been touched.

But he said nothing about how patients had been sent emails by the scammer or scammers.

Knaap also claimed that the lack of definite information at this stage was because of the "the extremely complicated nature of these incidents".

But it was not pointed out to him that similar incidents happen all over the world every day and companies do react much faster in informing the public about them.

Commenting on the incident, Rob Dooley, country manager of data security firm Carbon Black A/NZ, said: "The breach on Monash IVF Group’s internal email servers only serves to highlight the vulnerability of Australia’s healthcare sector to cyber attacks. This sector has seen increased attacks over the course of the year from ransomware attacks on Barwon Health to the Melbourne Heart Group.

"Poor and inadequate security controls, outdated technology and the high quality of healthcare patient data are just some of the reasons why healthcare organisations have been hit so hard by security breaches.

"According to Carbon Black’s second Australian Threat Report, phishing attacks were the prime cause of these breaches according to 27% of Australian respondents who have had a cyber attack on their company, with phishing attacks having more than doubled in the last six months. Furthermore, 89% of Australian organisations reported that cyber attacks have grown more sophisticated.

"These results point to a need for Australia’s healthcare sector to adopt a comprehensive approach to cyber security, one that incorporates prediction, prevention, detection, and response to attempted attacks. Healthcare organisations need to make endpoint protection a top priority and be more pro-active about managing cyber risks so as to combat this crimewave.”

Mark Sinclair, ANZ regional director of WatchGuard Technologies, said: "This is an example of another security breach in the healthcare industry and backs up the data from the August OAIC Notifiable Data Breach Report that puts healthcare at the top of the industry list for reportable data breaches in Australia.

"The healthcare industry remains a top target for cyber criminals and companies need to be especially vigilant."

"It is a reminder of the value of personal data to criminals. A person’s name and email address may seem fairly innocuous on their own, but when coupled with a company, or in this case a specific form of medical treatment, it becomes a powerful weapon for those seeking to scam people online."

Alex Woerndle, principal adviser, Cyber Security – Risk & Governance at technology research and advisory firm Ecosystm, said: “Phishing, although not in the media as often as in the past, is still one of the most common sources of cyber-attacks.

"Situations like this often highlight a lack of readiness to deal with an incident. However, the response is equally as important as the incident itself. Ecosystm’s ongoing cyber security study shows that while 93% of Australian organisations have a breach notification process in place, only 28% continue to evolve the process.

"A strong and evolving communications strategy - both internally and externally - is crucial. Otherwise the media attention that arises from the breach gains its own steam and potentially makes the situation even worse for all concerned.”


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments