Various hospitals and health facilities across regional Victoria were targeted by cyber attackers earlier this month, which included the Gippsland Health Alliance and the South West Alliance of Rural Health. These groups operate a number of facilities in Warrnambool, Colac, Geelong, Warragul, Sale, and Bairnsdale, among other smaller towns.
"The cyber incident… blocked access to several systems by the infiltration of ransomware, including financial management," a Department of Premier and Cabinet spokesperson said in a statement.
The department noted that there was no evidence to suggest that personal patient information had been compromised, but forensic investigations are underway.
The quarantine of affected systems led to some patient record, booking and management systems going offline, which affected patient contact and scheduling in some locations. Other facilities fell back on paper processing to continue day-to-day operations.
Barwon Hospital in Geelong was among those affected, with the health service's entire network being shut down to quarantine the effects of the attack. The cyberattack on Barwon Health used a variant of Emotet, which Mimecast covered extensively in our 2019 Threat Intelligence Report (Black hat Edition). Mimecast has been acutely aware of the risks Emotet poses, and we were happy to share the analytics of our Emotet countermeasures with our customers, helping them improve their defences while minimising disruptions to their workflow.
Following the attacks, we also received a number of calls from our customers in the healthcare and education sectors, who wanted to check in on their cybersecurity. Though the damage was minimal, attacks like this illustrate the cyber risks facing the Victorian healthcare sector. In May, the Victoria’s Auditor-General warned in a report that Victorian patient health data was "highly vulnerable" to attack.
When it comes to sensitive data like patient information, financial records and health records, cybersecurity cannot be left up to chance. Healthcare providers need to review their cybersecurity urgently. Their reputation and their effectiveness as healthcare providers depend on it.