Regis Aged Care has implemented Tanium’s endpoint management platform as a patch management solution.
The Regis Healthcare subsidiary has made new cyber investments every year since it was one of several Maze ransomware victims in 2020; data was stolen and leaked but Regis reported that “back-up and business continuity systems” prevented disruptions to services or operations.
The ASX-listed company said in a statement that health and aged care organisations’ attack surfaces could include a diverse range of endpoints, such as network-connected ECG monitors or smart thermometers.
The endpoint security upgrade was flagged in Regis’ 2022 annual report, which committed “to invest in…developing and enhancing our detection and response capability.”
During the 2020-21 financial year - intersecting with the August 2020 ransomware attack - the aged care provider’s cyber security costs were $672,000; it was not an expenditure category reported in the previous year.
“Throughout FY21, we commenced the implementation of security initiatives for all our employees including training, education and two-factor authentication,” it stated.
In the report, Regis listed other “strategies to manage cyber threats” such as “off-site backup facilities.”
“Hardware and software obsolescence are being addressed… including an assessment to move to a cloud environment where appropriate, modernise data centres and upgrade applications.”
The attack on Regis prompted the Australian Cyber Security Centre (ACSC) to release a warning about an “increase” in “targeting of the aged care and healthcare sectors by financially motivated cyber criminals using the Maze ransomware.”
In the same month as the Regis attack and ACSC’s warning, Anglicare Sydney was also hit by ransomware; its systems were brought offline by the attack and the company later reported that 17GB of data had been transmitted to a remote location.
Towards the end of 2020, the developers of Maze ransomware claimed to have shut down operations. However, researchers speculated at the time that the group could just be pivoting to a new alias, and Maze’s similarities to Egregor and Sekhmet ransomware were noted.
It was not until February last year that Maze’s developers also released its decryption keys; Egregor and Sekhmet’s were released at the same time.
Update, 5.15pm: Parts of this article were removed after Tanium retracted portions of its earlier statement.