Today’s cyber-attacks on a number of Victorian hospitals could have been prevented if the Andrews Labor Government had implemented recommendations of an Auditor General report from May which warned the State’s hospital systems were ‘highly vulnerable’ and needed urgent action.
In May 2019, the Victorian Auditor General handed down a scathing report against the Andrews Government into Security of Patients’ Hospital Data. The report found:
· “Victoria’s public health system is highly vulnerable to the kind of cyberattacks.”
· “There are key weaknesses in health services’ physical security.”
· “Our (VAGO) testing demonstrated that all the audited health services are vulnerable to attacks that could steal or alter patient data.”
· “Health services do not have appropriate governance and policy frameworks to support data security.”
· “While digital records can improve patient care, a cybersecurity breach could alter or delete patients’ personal data or permit unauthorised access to this data. A breach could also disable health services’ ICT systems and prevent staff from accessing patient information.”
Specifically, the audit found “significant weaknesses in how the Rural Health Alliance and the audited health service manage data security” and that DHHS was currently reviewing joint-venture agreements for Rural Health Alliances.
The audit followed an attack in February 2019 where a cardiology service provider located within a Melbourne private hospital experienced a ransomware attack.
In that case, a cybercrime group gained access to the cardiology patient system, encrypted approximately 15 000 patient files, and demanded a ransom in exchange for a password to fix the data. Media reports indicated that the cardiology provider was unable to access some patient files for more than three weeks, and that patients arrived for appointments that had been deleted.
Comments attributable to Shadow Minister for Health, Georgie Crozier:
“Daniel Andrews and Jenny Mikakos were warned 125 days ago that Victoria’s public health system was highly vulnerable to cyber-attack and today they must explain to Victorians why a significant breach has occurred.
Victorian patients deserve to have full confidence in our health system and that this attack has not occurred because key warnings were ignored.
With Victoria’s health and hospital networks currently facing significant financial pressures and ongoing cuts, the Andrews Labor Government must also confirm that no shortcomings to online security have occurred due to Labor’s health cuts.”