Victorian hospitals hit by ransomware breach

The Victorian Government has shut down information systems across the state’s hospital network following a suspected ransomware breach on Monday.

The state’s Department of Premier and Cabinet (DPC) has said a number of servers across the state’s health network have been impacted by the “cyber incident”, with investigators still assessing the full extent of the breach.

In a statement, the DPC revealed it had blocked access to and isolated several major systems – including financial management – in response the ransomware “infiltration”.

The breach has impacted several hospitals and health services within the Gippsland and South West Victoria region, with the DPC enlisting Victoria Police and the Australian Cyber Security Centre to manage the situation.

The Victorian Cyber Incident Response Service, the state’s dedicated first responder to cybersecurity incidents, has also been deployed to work with affected health services.

Despite the full-scale response, the DPC stressed there is no suggestion that personal patient information had been compromised.

“Hospitals have isolated and disconnected a number of systems such as internet to quarantine the infection,” the DPC said in its statement.

As a result of the isolation action, the hospital network has shut down some patient record, booking and management systems, potentially impacting patient contact and scheduling, the DPC added, with some hospitals “reverting to manual systems to maintain their services”.

“The affected hospitals are now working on their bookings and scheduling to minimise impact on patients, but may need to reschedule some services where they don’t have computer access to patient histories, charts, images and other information.”

Previous audits by the Victorian Auditor General’s Office identified a number of vulnerabilities in Victorian agencies' information and communications technology (ICT) security controls, as well as “immature operational processes [that] may expose them to cyberattacks”.

“We found undeveloped disaster recovery procedures and little awareness of how agencies' ICT systems would perform if subject to a cyberattack. Further, agencies needed to significantly improve their adherence to the Australian Signals Directorate's Top 4 strategies to mitigate cyber intrusion.”

Last October, Victoria’s emergency services were targeted in a widescale data breach resulting in the unsolicited sharing of staff data – including medical information – online.