Vic Health tackles infosec after pathology malware infection

By

Sets up working group to push new controls statewide.

Victoria’s Health department has shortlisted 72 cyber security controls for the state’s health services to implement following a malware infection at Melbourne Health last year.

Vic Health tackles infosec after pathology malware infection

The state’s auditor-general Andrew Greaves today revealed the department had directed all health services “to complete a cyber health check baseline assessment” last May after Melbourne Health fell victim to a malware infection that downed its pathology systems.

It spent weeks grappling with mutations of the Qbot malware, and had to fast-track an operating system upgrade project to recover.

The state-wide cyber health check baseline assessment conducted in the wake of the infection “found that health services are at varying levels of maturity, and all health services need to work to achieve minimum cyber security standards”, Greaves said.

“After the assessment, the department prepared a set of cyber security minimum baseline requirements, comprising 72 cyber security controls,” he said.

“A working group of representatives from the health services and the department has been set up to plan how the health sector will attain the maturity required to protect the quality and safety of clinical care from cyber breaches.”

Greaves said there were a range of risks around cyber security across the state’s health operations, and they were exacerbated by system interdependencies.

He said patients could be put at risk if systems across a range of health disciplines were left unavailable due to a security breach.

However, Greaves said he “commended” the Health department for its actions following the Melbourne Health malware infection, and said his office would consider a future audit to determine the efficacy of implementation of the baseline security controls.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Travel eSIMs secretly route traffic over Chinese and undisclosed networks: study

Travel eSIMs secretly route traffic over Chinese and undisclosed networks: study

"Widespread data theft" hits Salesforce customers via third party

"Widespread data theft" hits Salesforce customers via third party

Attackers weaponise Linux file names as malware vectors

Attackers weaponise Linux file names as malware vectors

Home Affairs adds SecOps to new cyber risk overhaul

Home Affairs adds SecOps to new cyber risk overhaul

Log In

  |  Forgot your password?