Vic Gov assures ‘no data stolen’ in hospital ransomware breach

Following a week-long post-mortem, the Victorian Department of Premier and Cabinet (DPC) has confirmed no patient data was stolen during a ransomware breach that swept the state’s hospital network last month.

Led by a combined team of state and federal police and cybersecurity experts, the forensic investigation into the attack – which found ransomware spread onto servers controlling clinical, medical and corporate systems – concluded that there was no evidence that patient data was stolen during the breach, with attackers most likely seeking “to extract payment from organisations rather than steal data”.

The breach, which blocked access to several major hospital and health services systems across Gippsland and Southwest Victoria, was triggered after an employee inadvertently opened a phishing email housing the virus.

Once released, the ransomware spread across the hospital network, encrypting servers containing patient records.

Prompt action taken by staff helped to contain the virus “to just a portion of the hospital’s computer network”, the DPC noted; however, this required several critical systems to be effectively cut off from the internet – including some patient record, booking and financial management systems.

While the attack was found by investigators to be “synonymous with financially-motivated cybercrime groups”, the DPC said it “did not receive any specific ransom demands.”

Regardless, the Government stressed that it would under no circumstances pay any ransom demand.

“This incident provides a useful reminder about the importance of cybersecurity,” the DPC said in a statement. “Despite the many protections put in place by the hospitals to protect their computer networks, cybercriminals worked hard to get inside. Cybersecurity is a business risk that all organisations must act on.”

“And for individuals, it is important to acknowledge that you are a key target for cybercriminals. Cybercriminals want access to your money and information. They will use a variety of tricks to get you to hand it over.”

Efforts to restore the IT systems across the state's healthcare network, including internet and email, have been slow, with some hospital systems reportedly remaining offline until this week – two weeks on from the initial breach.