Security Market Segment LS
Thursday, 21 February 2019 09:06

Melbourne Heart Group hit by Windows ransomware Featured

Melbourne Heart Group hit by Windows ransomware Pixabay

The Melbourne Heart Group, a medical unit located at Cabrini Hospital in the Melbourne suburb of Malvern, has been hit by a Windows ransomware attack that has resulted in about 15,000 patients being locked.

The incident, which occurred some three weeks ago, has been reported to the Australian Cyber Security Centre. It was first reported by Nine Entertainment.

An ACSC spokesperson told iTWire that it had been recently alerted to a cyber security incident by the MHG.

"[We] provided cyber security advice and assistance to MHG," the statement added. "As the matter is ongoing, it is not appropriate to comment further."

The Nine report said MHG had paid part of the ransom, in cryptocurrency as demanded, but is still unable to regain access to some files which contain personal details and medical records of patients.

As MHG has no media contact, iTWire contacted Cabrini for comment. No response was received but this afternoon a statement posted on the hospital's site by its chief executive, Dr Michael Walsh, said the cyber-security incident occurred at the Melbourne Heart Group, a group of specialists who lease rooms at Cabrini Malvern.

"Data storage and other information systems in specialist suites are owned and managed by the specialists, not by Cabrini," he added.

"The specialists are not employees of Cabrini. No Cabrini data storage or patient related systems or operations have been impacted or compromised by this incident and there has been no breach of hospital patient data. Cabrini is providing support to Melbourne Heart Group in relation to this incident."

On contacting the general number at MHG, iTWire was told that the organisation had no statement on the situation at the moment. A spokeswoman said in the event that any statement was issued, it would be emailed to iTWire.

By late afternoon, an MHG spokeswoman sent the following statement: "In late January, Melbourne Heart Group experienced a cyber security incident in which our patient data was encrypted. This means that our patients' information became inaccessible to anyone, including ourselves.

"We have been assured that no patient's privacy has been compromised in any way. We are working through this issue with our IT provider and hope to resolve it as soon as possible.

"The health and well-being of our patients is always our primary concern. Their privacy is of the utmost importance to us. We are deeply sorry that this incident happened and encourage all our patients to contact our office so that we can keep them updated. No patients are being turned away from Melbourne Heart Group. The clinics are operating as usual."

Commenting on the attack, Bede Hackney, the ANZ country manager of cyber security firm Tenable, said: “Developers of ransomware and other malicious code are creating new methods of exploiting systems on a daily basis.

"Australian healthcare organisations, small and large, public and private, must protect themselves and the patient data they store in the face of a rapidly evolving attack surface. Healthcare naturally has a target on its back due to the wealth of personal and sensitive data it shares.

“Furthermore, being locked out of critical health information, such as what is stored in centralised databases like My Health Record, can have life-threatening consequences. But the techniques utilised by ransomware can be prevented – and the probability of an infection dramatically reduced – just by taking a few proactive steps.

“A good starting point is to consult the Australian Signals Directorate's Essential Eight Maturity Model which outlines security practices such as regular patching to minimise cyber risk. With patient lives and records on the line, healthcare organisations must take a proactive approach to preserve the integrity of the data they’ve been entrusted to protect.”

Another security professional, Dan Slattery, a senior information security analyst at Webroot, said" “Patient data is very valuable to hackers, with stolen information often used to commit further crimes like identify theft.

"The evolution of ransomware means that patient data has become even more valuable without needing to take it out the network.

"Holding healthcare data to ransom, especially by encrypting possibly life critical information of heart patients, has become a very lucrative business model for cyber criminals.”

Alvin Rodrigues, senior director, Security strategist - Asia-Pacific at Raytheon-owned security outfit Forcepoint, said the ransomware attack was a wake-up call for the healthcare industry in Australia to re-examine its existing cyber security posture.

"Hospitals are an attractive target for cyber criminals for the personal and sensitive medical records of patients it holds, and the value it offers if such critical data is compromised," he said.

"This gives hospitals little choice, especially when dealing with life-threatening situations, but to surrender to hackers' demands. We believe that this trend is going to continue and paying ransom isn’t always the best way out, as hackers may not keep their promise of returning all the sensitive data."

The most widely publicised case of ransomware hitting medical services occurred in May 2017 when the WannaCry ransomware, based on a leaked exploit from the NSA, hit the Web.

Britain's National Health Service went into meltdown at the time.

Quarterly breach reports from the Office of the Australian Information Commissioner have shown that health services providers are the sector that is most affected by breaches.

The OAIC has been issuing these reports since Australia put in place a data breach law in February last year.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments