{
	"id": "5d0c2879-7614-4f40-9976-2554d839ee14",
	"created_at": "2026-04-06T00:07:55.148502Z",
	"updated_at": "2026-04-10T13:12:34.501348Z",
	"deleted_at": null,
	"sha1_hash": "48f2c06a45b2e1a8805b1227981118cc200cb5bf",
	"title": "Hospital cyberattack could have been avoided",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 41916,
	"plain_text": "Hospital cyberattack could have been avoided\r\nBy By David Braue on Nov 05 2019 09:49 AM\r\nArchived: 2026-04-05 16:03:06 UTC\r\nThe ransomware infection that recently crippled several Victorian hospitals could have been avoided if the\r\nplanned installation of artificial intelligence-based security software had happened just a week earlier.\r\nThat software, from security vendor BlackBerry Cylance, was slated to have been installed in early October but\r\ncame too late to stop the September 30 breach – in which healthcare services were interrupted after a ransomware\r\nattack shut down administrative systems in nearly a dozen regional centres.\r\nSecurity staff disconnected the systems from the Internet and scrambled to isolate the ransomware, successfully\r\nferreting out the malware using AI techniques that learn to recognise malware based on its characteristics rather\r\nthan checking against a database of known attacks.\r\nAI has proved invaluable for Latrobe Regional Hospital (LRH), which like the other breached sites had to shut\r\ndown numerous systems and was forced to transfer cancer patients to The Alfred in Melbourne for treatment.\r\n“We have gone through and cleaned all our hardware and now we are just rebuilding services and systems and\r\nturning on other systems that weren’t impacted,” acting chief executive Don McRae said during a recent update on\r\nthe health service’s recovery efforts.\r\n“We found computers that still had the virus on it and [Cylance] shut it down very quickly.”\r\nA state under siege\r\nThe centralisation of IT security and service delivery, which in Victoria is managed by the Department of Premier\r\nand Cabinet (DPC), means that the planned rollout would likely have been part of a Department of Health and\r\nHuman Services or even a whole-of-government deployment.\r\nA DPC spokesperson wouldn’t comment on specific security tools but confirmed that the affected hospitals –\r\nwhich included sites across the South West Alliance of Rural Health (SWARH) and Gippsland Health Alliance –\r\nhad restored “all critical systems”.\r\nThe government “does not pay ransoms to cyber criminals”, the spokesperson said in noting the focused\r\ncontainment of the malware infection had seen “the best cyber minds from government and private industry unite\r\nin response”.\r\nThe response – which involved excising the malware, wiping computers and restoring from backups – was\r\nspearheaded by the Victorian Government Cyber Incident Response Service, a crack team that has handled over\r\n600 cyberattacks on Victorian government organisations since it was established just 15 months ago.\r\nhttps://ia.acs.org.au/article/2019/hospital-cyberattack-could-have-been-avoided.html\r\nPage 1 of 3\n\nThat’s more than one attack per day – highlighting the ongoing threat to Victorian healthcare and other\r\ngovernment agencies from a constant barrage of attacks.\r\nIn October, the Australian Cyber Security Centre (ACSC) issued a formal warning about the Emotet malware and\r\nits payload of Ryuk ransomware – the strain believed to have caused the September breaches.\r\nOutdated technology, poor security controls, the high value of healthcare data and a broad spectrum of user habits\r\nhave left healthcare organisations suffering far more breaches than any other sector.\r\nAustralian healthcare organisations reported 206 data breaches in the first year of the Notifiable Data Breach\r\n(NDB) legislation, with 90 incidents due to malicious or criminal attack.\r\nThat was in line with overseas experience: a recent review by security firm EmsiSoft, for one, identified 491\r\nransomware attacks on healthcare providers in the first three quarters of this year alone.\r\nCyber security still not an executive priority\r\nVictoria’s susceptibility to cyberattack was a core concern of a recent Victorian Auditor-General report, which\r\ntested Victorian health services’ security and found that all were vulnerable to the theft or alteration of patient\r\ndata.\r\nYet despite the state government’s ongoing efforts to improve cybersecurity response, a review of health services’\r\nrecent annual reports found that cybersecurity is still not an executive priority.\r\nNewly updated Statements of Priorities 2019-2020, which are released on 1 November each year and reflect\r\nagreed priorities between Victorian public healthcare services and the Minister for Health– fail to mention\r\ncybersecurity at all.\r\nThe boilerplate statements are more concerned with clinical performance indicators and references to ‘data’ relate\r\nonly to performance data and its submission to state authorities.\r\nThe words ‘cyber’ and ‘privacy’ do not appear at all – not even in the Statements of Priorities lodged by malware-ravaged LRH and South West Healthcare.\r\nThe word ‘security’ is only referenced in the context of occupational violence – issues such as physical facility\r\nprotection and installation of additional lighting in staff carparks.\r\nSimilarly, a casual review of health services’ annual reports confirmed that, despite years of warnings from\r\ngovernment auditors, Victoria’s health services executives remain either ignorant of cybersecurity, or see it of so\r\nlittle import that it doesn’t merit a mention.\r\nGiven that those reports are otherwise detailed enough to even highlight improvements in the efficiency of the\r\nwashing of bedsheets, cybersecurity’s omission suggests that data protection still faces an uphill battle.\r\nHealthcare isn’t the only industry to struggle with this issue: a recent Thycotic-Sapio Research study found a\r\nmassive disconnect between business and cybersecurity priorities that was marginalising information security\r\nexecutives and making them question their value to the organisation.\r\nhttps://ia.acs.org.au/article/2019/hospital-cyberattack-could-have-been-avoided.html\r\nPage 2 of 3\n\nSource: https://ia.acs.org.au/article/2019/hospital-cyberattack-could-have-been-avoided.html\r\nhttps://ia.acs.org.au/article/2019/hospital-cyberattack-could-have-been-avoided.html\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://ia.acs.org.au/article/2019/hospital-cyberattack-could-have-been-avoided.html"
	],
	"report_names": [
		"hospital-cyberattack-could-have-been-avoided.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434075,
	"ts_updated_at": 1775826754,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/48f2c06a45b2e1a8805b1227981118cc200cb5bf.pdf",
		"text": "https://archive.orkl.eu/48f2c06a45b2e1a8805b1227981118cc200cb5bf.txt",
		"img": "https://archive.orkl.eu/48f2c06a45b2e1a8805b1227981118cc200cb5bf.jpg"
	}
}