Surgeries delayed and patient security fears after cyber attack on Victorian hospitals

We’re sorry, this feature is currently unavailable. We’re working to restore it. Please try again later.

Advertisement

This was published 4 years ago

Surgeries delayed and patient security fears after cyber attack on Victorian hospitals

By Melissa Cunningham and Noel Towell

Computer networks in at least seven major regional hospitals remain locked down more than 24 hours after a widespread ransomware attack shut booking systems, delayed surgeries and reignited fears over patient information security.

Computer systems were shut down at Geelong's major University Hospital late on Tuesday, forcing staff to revert to manual bookings and records.

Premier Daniel Andrews conceded it could take weeks to secure the affected networks and clear out the virus, but said there was no evidence to suggest personal patient information had been compromised by the ransomeware attack.

He promised to notify patients if their data or health records had been accessed.

Staff at West Gippsland Hospital have been told their computer booking and record-keeping systems could be down for up to two weeks.

Barwon Hospital has been affected by the cyber attack.

Barwon Hospital has been affected by the cyber attack.

Health services in the Gippsland Health Alliance and South West Alliance of Rural Health, including hospitals in Warrnambool, Colac, Warragul, Sale and Bairnsdale, were also hacked in the ransomware attack.

The security breach sent hospital computer networks into chaos, with staff forced to isolate and disconnect a number of systems, including the internet, to quarantine the virus. Ransomware is malicious software that makes IT systems unusable unless a ransom is paid.

It is not clear how many elective surgeries will be delayed at Barwon Health facilities, including University Hospital, a spokeswoman said late on Tuesday.

And it is not known when the health service's computer systems will be operational again.

Advertisement
Loading

Barwon Health performs nearly 22,000 elective surgeries each year. Last financial year, 86,000 patients were admitted to hospital in the region.

Mr Andrews described it as a "criminal attack" and said "a lot of thought" had gone into targeting the hospitals.

He stressed emergency surgery and emergency departments had not been compromised.

"There will be some disruption to outpatient appointments, there’ll be some disruption for non-urgent care, so elective surgery."

Loading

The Premier said the government was working with Victoria Police and experts from the Australian Cyber Security Centre had flown in from Canberra to help secure the system and determine the scale of the attack.

Experts say the hack on Victorian hospitals does not appear to be as severe as the 'WannaCry' ransomware attack that crippled hospital computer systems around the world, chiefly in the UK.

In February, The Age revealed that a cyber crime syndicate hacked and scrambled the medical files of about 15,000 patients of a specialist cardiology unit at Cabrini Hospital and demanded a ransom.

But David Cullen, the Victorian government's principal advisor for cyber incidents and emergency management, said the attack appeared to have been carried out by "sophisticated cyber criminals" who had spent time researching the hospital networks.

He said some hospitals would have to reschedule appointments and surgeries, but there was no evidence the hackers had stolen sensitive patient or hospital information.

He did not know if the attack was made by foreign hackers, or if ransom demands had been made.

"It's very early stages of the investigation, but we know we are dealing with ransomware," he said. "To be very clear, we will not pay cyber criminals in response to these cyber attacks. This will be a long, complex and protracted forensic investigation."

In May, the state's Auditor-General warned there were serious weaknesses in the cyber security of some of Victoria's health databases which put patient data at risk.

Opposition leader Michael O'Brien slammed the state government for failing to act on the Auditor-General's report.

"What's really concerning is that the government was warned about these loopholes," Mr O’Brien said. "The Auditor-General handed down a report five months ago and the government was warned our hospital IT wasn't up to scratch. It was vulnerable to a cyber attack and that's exactly what happened."

Health Minister Jenny Mikakos said she had been advised that although Barwon Health had to suspend some clinical services, most outpatient appointments and elective surgeries proceeded as planned.

"There has also been a small impact to aged care at Warrnambool and radiation services in Gippsland," Ms Mikakos said. "Other hospitals have so far avoided having to suspend clinical services."

Cyber security expert at La Trobe University Professor Jill Slay said the breach was a stern warning to authorities.

"If a system is not well-protected then it could be as simple as one staff member opening a phishing email which allows hackers  access to the entire system."

Most Viewed in National

Loading