Regis Aged Care has deployed Tanium’s automated endpoint vulnerability detection and patching services after an analysis identified vulnerabilities.
The Regis Healthcare subsidiary has made new cyber investments every year since it was one of several Maze ransomware victims in 2020; data was stolen and leaked but Regis reported that “back-up and business continuity systems” prevented disruptions to services or operations.
The ASX-listed company said in a statement that health and aged care organisations’ attack surfaces could include a diverse range of endpoints, such as network-connected ECG monitors or smart thermometers.
“Upon conducting an analysis, we realised that out of the thousands of endpoints connected to the network, some were open,” Regis head of cyber security risk and compliance Mazino Onibere said.
“We knew we needed assistance with patching them and we needed to do it quickly and at scale.”
Back in 2017, Onibere said Regis had “hundreds, if not thousands, of endpoints that may or may not have been secure.”
“Cyber security solutions can now offer real-time visibility across a whole network and all endpoints, so we can see where any potential problems might arise, no matter where they’re located.”
Onibere said Regis is using Tanium’s platform for ongoing real-time visibility of endpoints across the network.
Onibere added that the project had also improved Regis’ compliance with federal cyber security regulations to abive where they needed to be.
The endpoint security upgrade was flagged in Regis’ 2022 annual report, which committed “to invest in…developing and enhancing our detection and response capability.”
During the 2020-21 financial year – intersecting with the August 2020 ransomware attack – the aged care provider’s cyber security costs were $672,000; it was not an expenditure category reported in the previous year.
“Throughout FY21, we commenced the implementation of security initiatives for all our employees including training, education and two-factor authentification,” it stated.
In the report, Regis listed other “strategies to manage cyber threats” such as “off-site backup facilities.”
“Hardware and software obsolescence are being addressed… including an assessment to move to a cloud environment where appropriate, modernise data centres and upgrade applications.”
The attack on Regis prompted the Australian Cyber Security Centre (ACSC) to release a warning about an “increase” in “targeting of the aged care and healthcare sectors by financially motivated cyber criminals using the Maze ransomware.”
In the same month as the Regis attack and ACSC’s warning, Anglicare Sydney was also hit by ransomware; its systems were brought offline by the attack and the company later reported that 17GB of data had been transmitted to a remote location.
Towards the end of 2020, the developers of Maze ransomware claimed to shut down operations. However, researchers speculated at the time that the group could just be pivoting to a new alias and Maze’s similarities to Egregor and Sekhmet ransomware were noted.
It was not until February last year that Maze’s developers also released its decryption keys; Egregor and Sekhmet’s were released at the same time.
About Author
