Security Market Segment LS
Thursday, 21 February 2019 09:06

Melbourne Heart Group hit by Windows ransomware Featured

Melbourne Heart Group hit by Windows ransomware Pixabay

The Melbourne Heart Group, a medical unit located at Cabrini Hospital in the Melbourne suburb of Malvern, has been hit by a Windows ransomware attack that has resulted in about 15,000 patients being locked.

The incident, which occurred some three weeks ago, has been reported to the Australian Cyber Security Centre. It was first reported by Nine Entertainment.

An ACSC spokesperson told iTWire that it had been recently alerted to a cyber security incident by the MHG.

"[We] provided cyber security advice and assistance to MHG," the statement added. "As the matter is ongoing, it is not appropriate to comment further."

The Nine report said MHG had paid part of the ransom, in cryptocurrency as demanded, but is still unable to regain access to some files which contain personal details and medical records of patients.

As MHG has no media contact, iTWire contacted Cabrini for comment. No response was received but this afternoon a statement posted on the hospital's site by its chief executive, Dr Michael Walsh, said the cyber-security incident occurred at the Melbourne Heart Group, a group of specialists who lease rooms at Cabrini Malvern.

"Data storage and other information systems in specialist suites are owned and managed by the specialists, not by Cabrini," he added.

"The specialists are not employees of Cabrini. No Cabrini data storage or patient related systems or operations have been impacted or compromised by this incident and there has been no breach of hospital patient data. Cabrini is providing support to Melbourne Heart Group in relation to this incident."

On contacting the general number at MHG, iTWire was told that the organisation had no statement on the situation at the moment. A spokeswoman said in the event that any statement was issued, it would be emailed to iTWire.

By late afternoon, an MHG spokeswoman sent the following statement: "In late January, Melbourne Heart Group experienced a cyber security incident in which our patient data was encrypted. This means that our patients' information became inaccessible to anyone, including ourselves.

"We have been assured that no patient's privacy has been compromised in any way. We are working through this issue with our IT provider and hope to resolve it as soon as possible.

"The health and well-being of our patients is always our primary concern. Their privacy is of the utmost importance to us. We are deeply sorry that this incident happened and encourage all our patients to contact our office so that we can keep them updated. No patients are being turned away from Melbourne Heart Group. The clinics are operating as usual."

Commenting on the attack, Bede Hackney, the ANZ country manager of cyber security firm Tenable, said: “Developers of ransomware and other malicious code are creating new methods of exploiting systems on a daily basis.

"Australian healthcare organisations, small and large, public and private, must protect themselves and the patient data they store in the face of a rapidly evolving attack surface. Healthcare naturally has a target on its back due to the wealth of personal and sensitive data it shares.

“Furthermore, being locked out of critical health information, such as what is stored in centralised databases like My Health Record, can have life-threatening consequences. But the techniques utilised by ransomware can be prevented – and the probability of an infection dramatically reduced – just by taking a few proactive steps.

“A good starting point is to consult the Australian Signals Directorate's Essential Eight Maturity Model which outlines security practices such as regular patching to minimise cyber risk. With patient lives and records on the line, healthcare organisations must take a proactive approach to preserve the integrity of the data they’ve been entrusted to protect.”

Another security professional, Dan Slattery, a senior information security analyst at Webroot, said" “Patient data is very valuable to hackers, with stolen information often used to commit further crimes like identify theft.

"The evolution of ransomware means that patient data has become even more valuable without needing to take it out the network.

"Holding healthcare data to ransom, especially by encrypting possibly life critical information of heart patients, has become a very lucrative business model for cyber criminals.”

Alvin Rodrigues, senior director, Security strategist - Asia-Pacific at Raytheon-owned security outfit Forcepoint, said the ransomware attack was a wake-up call for the healthcare industry in Australia to re-examine its existing cyber security posture.

"Hospitals are an attractive target for cyber criminals for the personal and sensitive medical records of patients it holds, and the value it offers if such critical data is compromised," he said.

"This gives hospitals little choice, especially when dealing with life-threatening situations, but to surrender to hackers' demands. We believe that this trend is going to continue and paying ransom isn’t always the best way out, as hackers may not keep their promise of returning all the sensitive data."

The most widely publicised case of ransomware hitting medical services occurred in May 2017 when the WannaCry ransomware, based on a leaked exploit from the NSA, hit the Web.

Britain's National Health Service went into meltdown at the time.

Quarterly breach reports from the Office of the Australian Information Commissioner have shown that health services providers are the sector that is most affected by breaches.

The OAIC has been issuing these reports since Australia put in place a data breach law in February last year.

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News