Victorian hospitals go offline after ransomware attack

A number of regional Victorian hospitals and health services have been forced to shutdown their IT systems, including some electronic health records, after experiencing a ransomware attack on Monday.

In a statement, the state’s Department of Premier and Cabinet said the “cyber security incident” had blocked access to several major systems, including financial management, after being infiltrated.

Hospitals in the Gippsland Health Alliance and the South West Alliance of Rural Health are said to have been affected, though investigations are continuing to understand the full extent of the attack.

“A number of servers across the state have been impacted. Investigations are still taking place on the full extent of the impact,” DPC said.

“Hospitals have isolated and disconnected a number of systems such as internet to quarantine the infection.

“This isolation has led to the shutdown of some patient record, booking and management systems, which may impact on patient contact and scheduling.

“Where practical, hospitals are reverting to manual systems to maintain their services.”

The DPC said the state’s cyber incident response service had been deployed and spent Monday night working with the impacted health services to respond to the attack.

Victoria Police and the Australian Cyber Security Centre are also working with the government and the health services to manage the incident.

While the investigations are ongoing, DPC said stressed that there was currently “no suggestion that personal patient information had been accessed”.

“The priority is to fix all affected systems and prevent any further compromise,” DPC said.

“The affected hospitals are now working on their bookings and scheduling to minimise impact on patients, but may need to reschedule some services where they don’t have computer access to patient histories, charts, images and other information.”

Earlier this year, Victoria’s auditor-general warned that the state’s public health system was “highly vulnerable” to attack after it was able to exploit weaknesses and access patient data in four hospitals and health services.

One of those identified was Barwon Health, which was one of the health services affected by the ransomware attack on Monday.

“Victoria’s public health systems is highly vulnerable to the kind of cyberattacks recently experienced by the National Health Service (NHS) in England, in Singapore, and at a Melbourne-based cardiology provider, which resulted in stolen or unusable patient data and disrupted hospital services,” the auditor-general said.

The auditor-general was particularly critical of the security awareness of staff, which it said “increases the likelihood of success of social engineering techniques such as phishing”.

More to come