A number of Melbourne-based hospitals have reportedly been hit by a cyber attack, forcing the institutes to postpone elective surgeries.
One of Melbourne’s largest public health services, Eastern Health, has confirmed it experienced a “cyber incident” on the evening of Tuesday, 16 March.
The suspected cyber attack disrupted a number of the organisation’s IT systems, which have been taken off-line as a precaution while the incident is investigated.
Hospitals impacted by the incident include Box Hill, Maroondah, Healesville and Angliss.
Eastern Health stressed that patient safety was not compromised, but revealed it has postponed “less urgent” Category 2 and 3 Elective Procedures.
Category 1 Elective Surgery are expected to continue as planned.
“We apologise for the inconvenience this may cause,” Eastern Health said in a statement.
“We thank our staff, patients and their families for patience during this situation and we will keep them informed.”
Reacting to the news, Jacqueline Jayne, security awareness advocate at KnowBe4 APAC said hospitals were an “attractive target” for cyber criminals seeking to obtain sensitive information about patients.
“Information that, once obtained, can be used for identity theft and sold multiple times on the dark web,” Jayne said.
“This is not only health-related data as the addition of personally identifiable information (PII) is also there for the taking.
“Once illegal access has been obtained into a hospital there is also information available on employees, vendors and general business information which provides even more reason for cyber criminals to target this sector.”
She added: "When you consider the completeness of information available on an individual, it is clear as to why hospitals are so popular to cyber attackers as the dollar value of the data increases significantly.”
According to Jayne, the cyber attackers were likely to have used malware, “entrapping or manipulating” a user into taking a particular action.
“This action could be clicking on a link or opening an attachment in a phishing email or they may have clicked on a link outside of their email that opened a malicious website,” Jayne added.
“From here the cyber criminals deploy their ransomware."
The news comes just a month after a report from the Office of the Australian Information Commissioner (OAIC) revealed that the largest proportion of data breaches in the six months from July to December 2020 were reported by health services providers (23 per cent).
Michael Sentonas, chief technology officer at CrowdStrike, expressed concern over the continued vulnerability of the health sector to cyber risks.
"Health service providers have consistently reported the most data breaches, 123 reports in this period and the report suggests that the healthcare sector, in particular, should be increasingly vigilant to support patient privacy and security, and ensure that its cyber posture is as resilient as possible," he said.
News Editor – Defence and Security, Momentum Media
Prior to joining the defence and aerospace team in 2020, Charbel was news editor of The Adviser and Mortgage Business, where he covered developments in the banking and financial services sector for three years. Charbel has a keen interest in geopolitics and international relations, graduating from the University of Notre Dame with a double major in politics and journalism. Charbel has also completed internships with The Australian Department of Communications and the Arts and public relations agency Fifty Acres