Good backup systems have minimised an aged care provider’s losses during a ransomware attack, an aged care conference has heard.
Aged care provider Greengate was targeted in a cyber attack around 3.00am on 7 October last year, which encrypted all servers at its St Patrick’s Green facility in Kogarah, Sydney, and St Luke’s Green facility in Woolloongabba, Brisbane.
Servers were also shut down at its St Brigid’s Green facility in Maroubra in Sydney and head office, also in Sydney, said Stephen O’Brien, the organisation’s IT and communications manager.
“We found some software on two servers and there was one PC at a site that was encrypted with the… ransomware message, which was obviously where those guys had gotten in,” Mr O’Brien told the aged care sector’s technology conference ITAC Virtual 2021.
A registered nurse at St Patrick’s Green first reported the problem to the company’s IT support provider Huon IT at 3.30am saying the phone and the nurse call systems were down.
Mr O’Brien said the staff were also unable to access the main file server, internet, clinical applications, messaging, CCTV, printing, or emails.
Huon IT was investigating the problem by 6.00am and just prior to 8.00am a messaging group was formed between Greengate’s chief operating officer and IT leads and Huon IT consultants to share regular updates about the situation and steps being taken, he said.
“We gave the guys at Huon about an hour to see what they could do to see whether they could recover the information or find out what was actually going on,” Mr O’Brien said.
By 9.30am the same day, Greengate decided to rebuild instead of paying the ransom.
“Fortunately, we had a very strong backup policy in place that had been going for some time and we were able to restore from snapshots taken at midnight the previous night.”
Only data from midnight until 9:30 in the morning was lost, Mr O’Brien said.
Over the next few days, Greengate and Huon IT took several steps to improve firewall and password security.
“We locked down the firewalls to prevent any other remote applications [accessing core servers] including things like TeamViewer, which we just blocked that out completely,” he said.
“We changed [the] staff WiFi password and we didn’t give it to anybody. My two guys walked around and entered it directly into all the PCs and in all care staff’s phones at those sites. Everyone was forced to change the domain login password and we increased the complexity from eight to 10 characters,” Mr O’Brien said.
Greengate also introduced network security products, implemented mandatory training for staff on email and computer security, cancelled all guest and shared accounts, providing all staff with individual accounts to log in to computers.
Mr O’Brien said Greengate had cyber insurance, which covered the work Huon IT undertook in those first few days.
Benefits of cloud
Mr O’Brien said in 2019 the provider developed a strategy to transform its IT strategy, which included leveraging cloud solutions where possible and using single sign on multifactor authentication.
“However… we still had five key core applications sitting on a single server at the head office. That was a time and attendance system, our dashboard, our [customer relationship management], Microsoft Exchange, and our phone system,” he said.
With the unpredictable nature of COVID-19, there was urgency to speed up long-term plans to move these systems to the cloud, Mr O’Brien said.
“Over the next number of months, we moved those applications to the cloud, starting with the phone system. We then moved Exchange to Exchange Online, moved our dashboard to their cloud, moved the CRM to the cloud and on the 29th of September we finally had Time Target in the cloud, which was one week before this event occurred on 7 October.
“If we had not done have done that, we would not have been in anywhere near the shape that we’re in now,” he said.
Tips for providers
Mr O’Brien warned aged care providers against becoming complacent or too comfortable with their technology set up.
“Never stop trying to find out what the next technology is, what’s better than you’ve currently have. Just because you’ve been doing it for a number of years doesn’t mean it’s the best solution,” Mr O’Brien said.
He said he constantly challenges himself and his team about the technology they use and whether it is the best solution for the organisation.
The ITAC Virtual 2021 took place on 23 – 24 March.