The COVID-19 pandemic has fundamentally shifted the cyber threat landscape for Australia’s health sector, with the Australian Cyber Security Centre (ACSC) reporting a 84% increase in the number of cyber security incident reports relating to the health sector between 2019 and 2020.1 As custodians of vast volumes of highly sensitive information, the industry continues to find itself at the mercy of cyberattacks that paralyze systems until a ransom is paid—threatening the security of patient d

In 2021, Kroll investigators have had multiple opportunities to respond to a series of interconnected network intrusions, ransomware events and cyber incidents which, upon investigation and review, possessed overlapping tactics, techniques and procedures (TTPs) and similar indicators of compromise (IOC) among them. The incidents affected organizations of various sizes across diverse industry sectors through what Kroll’s investigations confirmed was a range of separate intrusion vectors.