A pharmacy in Toowoomba, Queensland, has become the latest victim of a
ransomware attack, highlighting growing concerns about the digital vulnerability
of small businesses.
The incident occurred last month when hackers gained access
to the Friendlies Society Dispensary’s private IT systems. Authorities believe
sensitive data stored on the system may have been compromised.
A coordinated
investigation is now underway, involving the National Office of Cyber Security,
the Australian Cyber Security Centre, Services Australia, Queensland Health, the
National Disability Insurance Agency, and the Department of Home Affairs.
Bayden
Johnson, Chief Executive Officer of the Friendlies Society Dispensary, said the
organisation acted quickly once the attack was detected. “We immediately took
steps to secure our systems and understand the nature of the incident,” he said.
“Our priority now is to determine what information was accessed and ensure all
necessary precautions are taken.”
The pharmacy, which offers healthcare services
and mobility support equipment, is cooperating fully with federal authorities.
The Department of Home Affairs stated that Services Australia’s systems remain
secure and were not affected by the breach. It added that ongoing monitoring is
being carried out to detect any irregular activity.
According to the Australian
Signals Directorate (ASD), ransomware incidents account for 11 percent of all
reported cyberattacks in the country.
The ASD’s 2023–24 Annual Cyber Threat
Report revealed that a cybercrime report is lodged roughly every six minutes,
with small businesses reporting an average loss of $49,600 per attack.
Associate
Professor Saeed Akhlaghpour from the University of Queensland’s Cyber Research
Centre said cybercriminals are constantly evolving their tactics. “Attackers are
no longer just locking files; they are also stealing and leaking data.
Ransomware can even be delivered through browsers, apps, or malicious file
uploads,” he explained.
Dr Akhlaghpour, who researches cybersecurity risks in
the healthcare sector, said health organisations such as pharmacies, medical
practices, and gyms often face higher risks due to inconsistent monitoring and
handling of sensitive information.
He noted that human error is still the
leading cause of ransomware attacks, as employees often reuse passwords or click
on unsafe links in haste. With the rise of AI-powered tools that make it easier
for criminals to conduct large-scale attacks, he urged small business owners to
invest in better cybersecurity systems and response plans.
“Many breaches occur
because of poor risk management and the absence of a clear response strategy,”
he said. “Regular monitoring can prevent many of these problems.”
Dr Akhlaghpour
also advised businesses not to pay ransoms if they fall victim to an attack.
“You cannot trust criminals. Paying the ransom rarely restores data and often
leads to further targeting. Stolen data is frequently resold on the dark web,”
he warned.
Authorities continue to monitor the situation in Toowoomba as
cybersecurity experts remind small business owners across Australia to take
preventive measures and strengthen their defences against the growing threat of
ransomware.
