A Tongan cybersecurity expert says the country’s health data hack is a “wake-up call” for the whole region.

Siosaia Vaipuna, a former director of Tonga’s cybersecurity agency, spoke to RNZ Pacific in the wake of the June 15 cyberattack on the country’s Health Ministry.

Vaipuna said Tonga and other Pacific nations were vulnerable to data breaches due to the lack of awareness and cybersecurity systems in the region.

“There’s increasing digital connectivity in the region, and we’re sort of . . . the newcomers to the internet,” he said.

“I think the connectivity is moving faster than the online safety awareness activity [and] that makes not just Tonga, but the Pacific more vulnerable and targeted.”

Since the data breach, the Tongan government has said “a small amount” of information from the attack was published online. This included confidential information, it said in a statement.

Reporting on the attack has also attributed the breach to the group Inc Ransomware.

Vaipuna said the group was well-known and had previously focused on targeting organisations in Europe and the US.

New Zealand attack
However, earlier this month, it targeted the Waiwhetū health organisation in Aotearoa New Zealand. That attack reportedly included the theft of patient consent forms and education and training data.

“This type of criminal group usually employs a double-extortion tactic,” Vaipuna said.

It could encrypt data and then demand money to decrypt, he said.

“The other ransom is where they are demanding payment so that they don’t release the information that they hold to the public or sell it on to other cybercriminals.”

In the current Tonga cyberattack, media reports say that Inc Ransomware wanted a ransom of US$1 million for the information it accessed. The Tongan government has said it has not paid anything.

Vaipuna said more needed to be done to raise awareness in the region around cybersecurity and online safety systems, particularly among government departments.

“I think this is a wake-up call. The cyberattacks are not just happening in movies or on the news or somewhere else, they are actually happening right on our doorstep and impacting on our people.

Extra vigilance warning
“And the right attention and resources should rightfully be allocated to the organisations and to teams that are tasked with dealing with cybersecurity matters.”

The Tongan government has also warned people to be extra vigilant when online.

It said more information accessed in the cyberattack may be published online, and that may include patient information and medical records.

“Our biggest concern is for vulnerable groups of people who are most acutely impacted by information breaches of this kind,” the government said.

It said that it would contact these people directly.

The country’s ongoing response was also being aided by experts from Australia’s special cyberattack team.

This article is republished under a community partnership agreement with RNZ.

Article by AsiaPacificReport.nz