Ransomware strike cripples regional Victorian hospitals

Even as authorities scramble to recover from a successful ransomware attack on a group of regional Victorian hospitals, experts are warning that the ongoing exposure of “woefully under-protected” healthcare organisations has made them prime targets in a climate where malicious compromises have become nearly ubiquitous.

Reports said the South West Alliance of Rural Health (SWARH) – a shared-infrastructure coalition supporting hospitals and related healthcare service providers across south western Victoria – had been targeted by a cyber attack that had compromised the network since late Monday afternoon.

Experts had been called in to assist with recovery efforts after the attack compromised a range of systems – both at SWARH and the Gippsland Health Alliance – blocking access to financial management, patient booking and other systems in an attack that Victorian premier Daniel Andrews said in a [[xref:https://www.premier.vic.gov.au/statement-on-cyber-security-incident/ would cause disruption to “a small number of clinical services” including outpatient appointments and elective surgery.

Affected hospitals have been disconnected from the Internet “as a precautionary step”, the statement said, with Barwon Hospital suspending some clinical services, and a “small impact” to Warrnambool aged-care services, and radiation services in Gippsland.

Authorities were downplaying the chances that any patient information had been compromised, promising “a full review” to identify any additional measures that need to be taken.

The attacks were old news for security industry figures, with Forcepoint senior director and security strategist Alvin Rodrigues warning that the incident suggested Australian healthcare providers “need to re-look at their existing cybersecurity posture”.

“Attackers are undermining the most extensively-designed security systems by launching social engineering attacks or a phishing attack to compromise people,” he said, “thus stealing their digital identities and critical data.”

“Healthcare institutions need to rethink their existing cyber security approach. As they continue with securing the perimeter preventing attacks, we recommend they expand and embrace a behaviour centric analytics approach to cybersecurity, where peoplemdash;rather than IT infrastructuremdash;become the focal point. By knowing your people’s baseline behaviour, alerts are triggered when there is deviation. This helps security professionals to more effectively safeguard the healthcare data that they are storing.”

Healthcare CISOs have been struggling to keep up with the appeal of healthcare information to cybercriminals, which have had great success capitalising on the chronic lack of funding, overpressured workers and systems heterogeneity typical of the sector.

The industry has been by far the most regularly breached since the Office of the Australian Information Commissioner (OAIC) started analysing reports under Australia’s Notifiable Data Breaches (NDB) scheme in early 2018, and emerging Internet of Things (IoT) deployments are compounding the pressures they face to maintain data and system security.

Victoria’s public service has struggled to improve its cybersecurity posture in the wake of repeated findings such as a 2013 audit that warned the government was unprepared for ICT security breaches, and a 2015 follow-up that found disappointing progress in improving the situation.

Victoria has since redoubled its efforts around cybersecurity – but for Carbon Black head of security Rick McElroy, this latest ransomware attack on “woefully under-protected” healthcare organisations “is yet another reminder of the inadequate security controls that exist in in some of Australia’s health organisations.”

“Endpoint protection at healthcare organisations appears to be severely lacking,” he explained. “Beyond technology, humans are often the weakest link in any organisation’s security posture. This is where education and security awareness training can play an important role.”

“Prevention is always the best cure but minimising detection and response time during a breach is critical. Putting a reliable security solution in place that can alert on anomalous and suspicious activity can help reduce dwell time from weeks down to minutes. Breaches are inevitable. Losing sensitive information doesn’t have to be.”

Full industry comment:

Alvin Rodrigues isSenior Director, Security Strategist, atForcepoint, and has made the following comment:

“The ransomware attacks on hospitals in the Gippsland Health Alliance and South West Alliance of Rural Health shows that the Australian healthcare industry needs to re-look at their existing cybersecurity posture.

Hospitals are an attractive target for cyber criminals for the personal and sensitive medical records of patients it holds, and the value it offers if such critical data is compromised. This gives hospitals little choice, especially when dealing with life-threatening situations, but to surrender to hackers demand. This trend is going to continue, and paying ransom isn’t always the best way out, as hackers may not keep their promise of returning all the sensitive data.

Attackers are undermining the most extensively-designed security systems by launching social engineering attacks or a phishing attack to compromise people; thus stealing their digital identities and critical data. Healthcare institutions need to rethink their existing cyber security approach. As they continue with securing the perimeter preventing attacks, we recommend they expand and embrace a behaviour centric analytics approach to cybersecurity, where peoplemdash;rather than IT infrastructuremdash;become the focal point. By knowing your people’s baseline behaviour, alerts are triggered when there is deviation. This helps security professionals to more effectively safeguard the healthcare data that they are storing.”