Earlier this year, a major cyber security incident impacted a prominent telecommunications and clinical software supplier to the health sector. The attack, carried out by the Hellcat ransomware group, targeted the supplier’s internal ticketing systems—tools used to manage services such as nurse call and clinical software.

While the breach primarily disrupted internal systems, not the applications directly used within aged care facilities, it serves as a powerful reminder of how vulnerable the sector is to risks within its supply chain.

Lessons for Aged Care

Supply Chain Risk

Even if an aged care organisation’s own systems aren’t directly compromised, an attack on a vendor can create serious ripple effects. Providers depend on third-party partners for critical infrastructure such as communications, nurse call, and care management systems. Disruptions at the supplier level can quickly cascade into service interruptions.

Regulatory Pressures

This incident is one of many cyberattacks targeting healthcare in 2025, prompting regulators to increase their scrutiny. The new Aged Care Act, coming into effect on 1 November 2025, introduces stronger requirements for cyber security—particularly around information protection and incident reporting. For providers, this underscores the need to establish robust information management systems and embed sound cyber practices across their organisations.

Proactive Measures

For aged care providers, the message is clear: don’t wait for an incident to occur. Now is the time to adopt proven cyber resilience frameworks, such as the Essential Eight strategies recommended by the Australian Cyber Security Centre (ACSC), strengthen policies, and ensure staff are trained to recognise and respond to threats.

Building a More Secure Future

The Essential Eight strategies provide a practical roadmap for defence:

  • Application control & patching to close vulnerabilities.
  • Multi-factor authentication to strengthen user access.
  • Regular backups to ensure recovery after an attack.
  • User awareness training to build a human firewall.

By taking these steps, aged care organisations can better protect their residents, staff, and systems from the ripple effects of cyberattacks—whether directed at them or their suppliers.

The Takeaway

The attack on a healthcare supplier highlights an uncomfortable truth: aged care providers are only as strong as the weakest link in their digital ecosystem. Protecting residents and maintaining compliance means looking beyond internal systems and considering the resilience of every partner in the supply chain.

At Novo3, we help aged care providers strengthen their cyber posture with solutions tailored to the sector—ensuring compliance, protecting sensitive data, and keeping critical systems running.

Is your organisation prepared for the November 1, 2025 deadline?
Download our Essential Eight Flyer or Book a Consultation to take the next step.