24 March 2025
Key information
- On 16 March 2025, a cyber-attack compromised Ascom’s technical ticketing systems.
- Ascom is a major supplier of telecommunications solutions in health services, including Digital Enhanced Cordless Telecommunications (DECT) and Voice over Wi-Fi (VoWiFi) phones, nurse call systems and clinical software.
- Ascom released a statement on the cyber incident on 17 March 2025.
- The Hellcat ransomware group has been attributed by Ascom to have conducted the attack. Hellcat ransomware is a prominent Ransomware-as-a-Service (RaaS) threat group claiming attacks on critical national infrastructure and government organisations.
Steps to protect your organisation
- Review the cyber incident statement and remain aware of further updates. Reach out to local Ascom representatives if required.
- If you are using Ascom systems within your health service, conduct a risk assessment to continue remote access into Ascom systems until assurance can be provided by Ascom that the cyber incident is contained.
- Review the Australian Cyber Security Centre publication Remote access to operational technology environments | Cyber.gov.au to have a rapid disconnection plan for 24-hour deployment, disconnecting remote access if malicious activity is identified. A rapid disconnection is also a requirement in the Medical Device Security Controls published by Victoria Health.
References and further information
- Ascom –Â Ascom affected by cyber attack
- Broadcom –Â Hellcat: Ransomware-as-a-Service group
- Australian Cyber Security Centre –Â Remote access to operational technology environments | Cyber.gov.au
