As reported by the Australian Associated Press, hospitals in the Australian state of Victoria were hit with a suspected ransomware attack on Monday afternoon. The government said that while patient data was not accessed, patient record, booking and management systems were forced offline while investigation into the incident takes place.
This comes just months after an audit of Victoria’s public health system found that “all the audited health services are vulnerable to [cyber] attacks that could steal or alter patient data.
It is reported that Victorian hospitals across Gippsland, Geelong and Warrnambool hit by ransomware attack. #australia #cybersecurity #hacking #victoria #hospital #cyberattack #ransomware https://t.co/W8MDXI0p35
— Mark Padginton (@MarkPadginton) October 1, 2019
Cybercriminals always try to get maximum profit doing the least effort; that’s why targeting regional hospital technology is a good business opportunity for them, as the private sector is becoming more secure and difficult to hack, while most healthcare systems are easier. There is a lack of cybersecurity knowledge and skilled resources in most healthcare organisations around the world, all the while technology adoption and dependence keep increasing; this makes for a dangerous cocktail. We can see in this instance that the hospital claimed there might be some disruption to outpatient appointments and non-urgent care (i.e. elective surgery), but no patient data has been exposed, but this could have easily not been the case and attacks such as these could end up putting human lives at risk. It’s imperative that governments around the world start taking some action before cyber-attacks consequences turn really bad.
Sadly, attacks on healthcare organisations are becoming increasingly common, so it’s imperative that organisations take the necessary steps to manage digital risk very carefully. As more and more elements of healthcare go online, such as the widespread use of electronic patient records and internet-connected medical devices, hospitals are becoming an increasingly attractive target for ransomware attacks that seek to disrupt operations.
Security and IT teams must not work in isolation, particularly in healthcare where the consequences can be extreme and even put lives at risk – just look at the WannaCry ransomware attack, which reportedly cost the NHS £92m and resulted in 19,000 appointments being canceled. In order to manage digital risk effectively, healthcare organisations need to ensure that everyone in the organisation understands what digital risks they face, how these can best be mitigated, and what the consequences are of not doing so. Then it is important to deal with these risks as much as possible. If you are not even doing the basics, then you could fall victim to a hacker who is simply rattling doorknobs to see which one is unlocked.