This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

UnitingCare Queensland

Summary

UnitingCare Queensland, one of the state's largest healthcare providers, was hit by a ransomware attack in April 2021 that disrupted services across multiple hospitals and aged care facilities. The attack affected critical healthcare systems, though the organisation maintained patient care continuity through manual processes.

What Happened

In late April 2021, UnitingCare Queensland detected a ransomware infection across its IT infrastructure. The attack was attributed to the REvil (Sodinokibi) ransomware gang, which had been targeting healthcare organisations globally.

The ransomware encrypted systems and disrupted IT operations across UnitingCare's network of hospitals and aged care facilities in Brisbane and regional Queensland. The attack affected administrative systems, patient records systems, and internal communications infrastructure.

UnitingCare operates major healthcare facilities including The Wesley Hospital, St Andrew's War Memorial Hospital, St Stephen's Hospital, and numerous aged care residences, making the attack's impact significant across Queensland's healthcare system.

Impact on Individuals

While UnitingCare Queensland maintained patient care services, the cyber attack created operational challenges:

  • Service disruption: Healthcare staff reverted to paper-based processes while systems were offline
  • Data exposure risk: Ransomware attacks typically involve data exfiltration before encryption
  • Patient record access: Delays in accessing digital patient records during the incident
  • Privacy concerns: Potential exposure of sensitive health information

The incident occurred during the COVID-19 pandemic, adding pressure on healthcare systems already operating under strain.

Organisational Response

UnitingCare Queensland immediately activated its incident response procedures and engaged cybersecurity experts to investigate and remediate the attack. The organisation worked with law enforcement and cybersecurity agencies including the Australian Cyber Security Centre.

Healthcare facilities implemented business continuity plans, using manual and paper-based processes to maintain patient care while IT systems were restored. UnitingCare did not publicly confirm whether any ransom was paid to the attackers.

The incident prompted reviews of cybersecurity measures across Australian healthcare providers, highlighting the critical need for robust defences in health services where system downtime can directly impact patient care.

Verification Source: View original statement