View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. News
May 30, 2019updated 23 Dec 2019 10:26am

Australian patient data vulnerable to cyber attacks, audit finds

An audit has concluded that patient data in the Australian state of Victoria’s public health system could easily be breached.

By Chloe Kent

An audit has concluded that patient data in the Australian state of Victoria’s public health system could easily be breached.

Victoria’s auditor general Andrew Greaves and his office were able to hack into some of the state’s biggest health databases. They used basic hacking tools to access patient data at five different organisations – Barwon Health, the Royal Children’s Hospital, the Royal Victorian Eye and Ear Hospital, as well as the department’s Digital Health and Health Technology Solutions – to demonstrate what Greaves described in a report as a “a significant and present risk” to Australian citizens’ patient data.

The auditors were able to access the restricted administration and corporate offices of all the parties examined. For two of the five they were also able to gain access to areas storing critical technology infrastructure.

Some of the organisations were still using default manufacturer account names and passwords on key devices such as servers, details of which are easily available online.

Overall, they were ruled to not have been proactive enough in taking a whole-of-hospital approach to security.

RSA Security regional director of UK & Ireland Chris Miller said: “Attacks on healthcare organisations are becoming increasingly common, so it’s imperative that organisations take the necessary steps to manage their digital risk very carefully.

“Some of the errors that the auditors have picked up on here are pretty basic, which suggests that security hasn’t become embedded into these organisations – instead being treated as a bolt-on, or worse, a hurdle.”

The auditor general’s offices also investigated the security infrastructure surrounding the Department of Health and Human Services and the Department of Justice and Community Safety. It found that while the infrastructure was adequate, its effectiveness was undermined by a laissez-faire approach to safety culture.

All of the audited health services accepted the auditor general’s recommendations to tighten security around patient hospital data.

Due to their storage of huge amounts of personal data, hospitals are growing targets for hackers, and medical records can sell for thousands of dollars on the dark web.

In 2017 the WannaCry ransomware attack caused global chaos, costing the British NHS £92m and resulting in 19,000 appointments being cancelled.

Miller said: “Many hackers out there are opportunists; if you are not even doing the basics, then you could fall victim to a hacker who is simply rattling doorknobs to see which one is unlocked.”

Related Companies

NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. The top stories of the day delivered to you every weekday. A weekly roundup of the latest news and analysis, sent every Friday. The medical device industry's most comprehensive news and information delivered every month.
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy


Thank you for subscribing to Medical Device Network