Top Highlights
- Oceania healthcare organizations are increasingly targeted by the INC ransomware group, with significant attacks affecting Australia, New Zealand, and Tonga since mid-2024.
- INC typically gains access through compromised accounts, spear-phishing, or exploiting vulnerabilities, then escalates privileges to deploy ransomware and exfiltrate data.
- Smaller nations like Tonga are especially vulnerable due to reliance on centralized infrastructure and limited incident response capabilities, with attackers often choosing opportunity over size.
- Experts advise basic cybersecurity measures—monitoring, MFA, vulnerability management—since INC uses outdated tactics, highlighting ongoing security gaps in healthcare sectors.
INC Ransomware Targets Healthcare in Oceania
Cybersecurity authorities in Oceania warn about a rising threat. The INC ransomware group has been attacking healthcare organizations in the region. These attacks mainly hit hospitals and clinics that need to provide round-the-clock patient care. Such groups often choose healthcare because it is critical and sensitive. Recently, authorities issued a joint alert. They emphasize that INC’s focus has shifted from the US and UK to Oceania. The group’s activity increased in 2025, affecting countries like Australia, New Zealand, and Tonga. In Tonga, for example, the Ministry of Health lost access to its systems, causing major disruptions. Experts say smaller nations are more vulnerable because they depend on centralized systems that are easier to target. The incident highlights the need for better cybersecurity practices in healthcare and government sectors.
Keeping Up with Basic Defense Tactics Matters
Authorities recommend simple but effective security measures to fight INC. Organizations should monitor and control network traffic carefully. Using multifactor authentication (MFA) adds an extra layer of protection. It is also important to fix known software vulnerabilities quickly. Incidents show INC often gains access using stolen credentials or phishing emails. Once inside, the group moves laterally, escalates privileges, and locks down systems by deploying ransomware. Sometimes, they steal personal and health data before encrypting devices. Experts warn that INC relies on older, well-known tactics, not new methods. They stress that organizations need to verify access, control their threat landscape, and stop exposing vulnerable systems online. This approach can help prevent similar attacks in the future.
