Victorian hospitals across Gippsland, Geelong and Warrnambool hit by ransomware attack

Updated

The Victorian Government is investigating the scale of a ransomware attack by "sophisticated cyber criminals" on some of the state's major regional hospitals that has forced healthcare providers to go offline.

Key points: The Government said there was no suggestion patient data had been accessed

Hospitals manually took their systems offline to "quarantine the infection"

It is not clear how many patient procedures will be affected the attack

Hospitals in the Gippsland Health Alliance, in the state's east, and South West Alliance of Rural Health were impacted by the attack.

The groups include operators of hospitals in Warrnambool, Colac, Geelong, Warragul, Sale, and Bairnsdale as well as a host of services in smaller towns.

"The cyber incident, which was uncovered on Monday, has blocked access to several systems by the infiltration of ransomware, including financial management," a Department of Premier and Cabinet spokesperson said in a statement.

The department said there was no suggestion that personal patient information had been accessed.

Cyber experts called in to secure system

Premier Daniel Andrews said it was "very much a criminal attack" where "a lot of thought" had gone into targeting the hospitals.

"There will be days, up to weeks' worth of work that will have to be done to secure that network," he said.

The Government said it was working with Victoria Police to manage the incident and experts from the Australian Cyber Security Centre would arrive from Canberra to help secure the system.

The department spokesperson said a "number of servers" across Victoria were impacted but investigations were still underway to determine the full extent of the attack.

"Hospitals have isolated and disconnected a number of systems such as internet to quarantine the infection," the spokesperson said.

David Cullen, the principal adviser to the State Government on cyber incidents, said hospitals were dealing with "sophisticated cyber criminals".

"[They] have managed to bypass the various protections and controls we have put in place on our computer networks to install ransomware, which is a form of virus, on to these computer networks," he told ABC Radio Melbourne.

He did not believe patient data had been compromised but said further investigation would be necessary.

"We are undertaking a very detailed, very thorough forensic investigation," he said.

Mr Cullen said the hackers were likely motivated by financial gain but said no demands for money had been made to hospitals.

"It is usually money that cyber criminals are looking for when they deploy ransomware," he said.

"We haven't yet been met with any specific ransom demands."

Surgeries and appointments cancelled

The department said the isolation had led to the shutdown of "some patient record, booking and management systems" and some hospitals had reverted to "manual systems" to maintain services.

"The affected hospitals are now working on their bookings and scheduling to minimise impact on patients, but may need to reschedule some services where they don't have computer access to patient histories, charts, images and other information."

Barwon Health, which services Geelong and the surrounding area, confirmed it had "experienced a cyber security incident" with its IT system.

The healthcare provider admitted more than 86,000 patients in the 2017-2018 financial year.

In a tweet, Barwon Health said "some elective surgery and appointments" had been cancelled.

"We expect there to be some impact on patient services throughout the day. The University Hospital Emergency Department is continuing to treat patients as they arrive," it said in a statement.

In a statement, the West Gippsland Healthcare Group (WGHG) said their IT system had been affected by the cyber security incident but it had not affected clinical services at West Gippsland Hospital.

"There have been no cancellations to surgery, Emergency Department is operating as usual and all hospital inpatient and outpatient services, including consulting suites and allied and community health, are running," the statement said.

WGHG CEO Dan Weeks, said the incident had affected shared IT systems between hospitals within the Gippsland Health Alliance.

"Fortunately, most of our local services are still functional including internal intranet communications, phone systems, public address system, access to printers and external website," he said.

"In situations like this, the hospital reverts to manual paper-based systems to maintain services."

Mr Andrews said there would be no impact on emergency care at the facilities.

"We're not diminishing the impact but it's one part of the health system, not the entire health system," he said.

The department said since it had launched the Victorian Cyber Incident Response Service in July 2018, they had responded to more than 600 cyber attacks on Victorian Government organisations.

Cybersecurity experts have previously warned healthcare data is a growing target for hackers.

In 2017, the 'WannaCry' ransomware attack caused chaos around the world — including for the UK's National Health System.

In February, it was revealed a ransomware attack had targeted a Melbourne cardiology practice.

The state's Auditor-General warned in a report released in May that Victorian patient health data was "highly vulnerable" to attack.

The report said auditors used "basic hacking tools" to access sensitive patient data at three major Victorian hospitals to show the "significant and present risk" to data security.

Topics: information-and-communication, information-technology, health, healthcare-facilities, geelong-3220, vic, melbourne-3000, bairnsdale-3875, foster-3960, warragul-3820, colac-3250, portland-3305, warrnambool-3280, traralgon-3844, sale-3850

First posted