Some Queensland hospitals and health services have resorted to manually processing patients after a cyber attack brought down the IT systems of UnitingCare Queensland.

The organisation runs the Wesley, Buderim Private, St Stephen’s, and St Andrew’s War Memorial hospitals along with aged care homes and Lifeline in Queensland.

In a statement posted to its website on Monday night, UnitingCare said it had notified the Australian Cyber Security Centre (ACSC) about the attack and is trying to get its systems back up and running.

“Where necessary, manual back-up processes are now in place to ensure continuity of most services,” UnitingCare said.

“Where manual processes cannot be implemented, services are being redirected or rescheduled accordingly.

“Due to the recency of the incident, it is not possible to provide a resolution timeframe at this stage, however our digital and technology team are working to resolve this issue as swiftly as possible.”

Staff from two of UnitingCare’s hospitals who spoke with Information Age confirmed the extent of the cyber incident, saying they had no access to emails or the patient admittance system, Cerner.

They also said surgeries and doctors’ appointments were still going ahead on Tuesday, despite the attack leaving them without access to electronic patient files.

A Nine news report said ransomware was behind the outage.

UnitingCare is the second Australian provider of health services to be crippled by a cyber attack in the last six weeks after Victoria’s Eastern Health was taken offline last month.

VMware cyber security strategist, Rick McElroy, said hospitals were a prime target for cyber attacks due to the potentially valuable personal information they hold.

“While the attack methods may vary, most cybercriminals are motivated by a financial incentive,” he said.

“Given the critical nature of data at healthcare organisations, they are often a prime target for attacks, as cybercriminals know patient care is on the line and organisations are more apt to pay.”

UnitingCare was unable to say whether personal information had been extracted as part of the incident.

According to US cyber security company Coveware, 77 per cent of ransomware attacks in the first three months of this year involved a threat to leak stolen data.

That number is increasing as cyber criminals have moved toward the ‘double extortion’ model of ransomware in which the groups lock down a network and threaten to publish information unless a ransom is paid.

Coveware said threat actors don’t tend to steal data that would be valuable to other cyber criminals and instead the theft “is just proof that the attack occurred and sometimes creates legal obligations for the victim”.

An Apple supplier was recently hit by ransomware that saw the REvil hacker group post schematics of upcoming Apple products to the dark web.

REvil has since removed its original threat and the information it leaked.