Security Market Segment LS
Thursday, 21 February 2019 09:06

Melbourne Heart Group hit by Windows ransomware Featured

Melbourne Heart Group hit by Windows ransomware Pixabay

The Melbourne Heart Group, a medical unit located at Cabrini Hospital in the Melbourne suburb of Malvern, has been hit by a Windows ransomware attack that has resulted in about 15,000 patients being locked.

The incident, which occurred some three weeks ago, has been reported to the Australian Cyber Security Centre. It was first reported by Nine Entertainment.

An ACSC spokesperson told iTWire that it had been recently alerted to a cyber security incident by the MHG.

"[We] provided cyber security advice and assistance to MHG," the statement added. "As the matter is ongoing, it is not appropriate to comment further."

The Nine report said MHG had paid part of the ransom, in cryptocurrency as demanded, but is still unable to regain access to some files which contain personal details and medical records of patients.

As MHG has no media contact, iTWire contacted Cabrini for comment. No response was received but this afternoon a statement posted on the hospital's site by its chief executive, Dr Michael Walsh, said the cyber-security incident occurred at the Melbourne Heart Group, a group of specialists who lease rooms at Cabrini Malvern.

"Data storage and other information systems in specialist suites are owned and managed by the specialists, not by Cabrini," he added.

"The specialists are not employees of Cabrini. No Cabrini data storage or patient related systems or operations have been impacted or compromised by this incident and there has been no breach of hospital patient data. Cabrini is providing support to Melbourne Heart Group in relation to this incident."

On contacting the general number at MHG, iTWire was told that the organisation had no statement on the situation at the moment. A spokeswoman said in the event that any statement was issued, it would be emailed to iTWire.

By late afternoon, an MHG spokeswoman sent the following statement: "In late January, Melbourne Heart Group experienced a cyber security incident in which our patient data was encrypted. This means that our patients' information became inaccessible to anyone, including ourselves.

"We have been assured that no patient's privacy has been compromised in any way. We are working through this issue with our IT provider and hope to resolve it as soon as possible.

"The health and well-being of our patients is always our primary concern. Their privacy is of the utmost importance to us. We are deeply sorry that this incident happened and encourage all our patients to contact our office so that we can keep them updated. No patients are being turned away from Melbourne Heart Group. The clinics are operating as usual."

Commenting on the attack, Bede Hackney, the ANZ country manager of cyber security firm Tenable, said: “Developers of ransomware and other malicious code are creating new methods of exploiting systems on a daily basis.

"Australian healthcare organisations, small and large, public and private, must protect themselves and the patient data they store in the face of a rapidly evolving attack surface. Healthcare naturally has a target on its back due to the wealth of personal and sensitive data it shares.

“Furthermore, being locked out of critical health information, such as what is stored in centralised databases like My Health Record, can have life-threatening consequences. But the techniques utilised by ransomware can be prevented – and the probability of an infection dramatically reduced – just by taking a few proactive steps.

“A good starting point is to consult the Australian Signals Directorate's Essential Eight Maturity Model which outlines security practices such as regular patching to minimise cyber risk. With patient lives and records on the line, healthcare organisations must take a proactive approach to preserve the integrity of the data they’ve been entrusted to protect.”

Another security professional, Dan Slattery, a senior information security analyst at Webroot, said" “Patient data is very valuable to hackers, with stolen information often used to commit further crimes like identify theft.

"The evolution of ransomware means that patient data has become even more valuable without needing to take it out the network.

"Holding healthcare data to ransom, especially by encrypting possibly life critical information of heart patients, has become a very lucrative business model for cyber criminals.”

Alvin Rodrigues, senior director, Security strategist - Asia-Pacific at Raytheon-owned security outfit Forcepoint, said the ransomware attack was a wake-up call for the healthcare industry in Australia to re-examine its existing cyber security posture.

"Hospitals are an attractive target for cyber criminals for the personal and sensitive medical records of patients it holds, and the value it offers if such critical data is compromised," he said.

"This gives hospitals little choice, especially when dealing with life-threatening situations, but to surrender to hackers' demands. We believe that this trend is going to continue and paying ransom isn’t always the best way out, as hackers may not keep their promise of returning all the sensitive data."

The most widely publicised case of ransomware hitting medical services occurred in May 2017 when the WannaCry ransomware, based on a leaked exploit from the NSA, hit the Web.

Britain's National Health Service went into meltdown at the time.

Quarterly breach reports from the Office of the Australian Information Commissioner have shown that health services providers are the sector that is most affected by breaches.

The OAIC has been issuing these reports since Australia put in place a data breach law in February last year.

Read 5031 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.

Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News