Update on cyber-attack investigation

On Monday 30 September, a cyber-attack impacted a number of hospitals and health services in Gippsland and south-west Victoria.

11/10/19 4.52am
Published by Department of Premier and Cabinet

On Monday 30 September, a cyber-attack impacted a number of hospitals and health services in Gippsland and south-west Victoria.

Over the past week, the Victorian Government have been involved in a detailed and complex forensic investigation to uncover the source and severity of the cyber-attack. The investigation involved a mix of state and federal police and cyber security experts, and support from private industry.

Importantly, we have found no evidence that patient data has been stolen. The aim of this sort of cyber-attack is to extract payment from organisations rather than steal data.

The cyber-attack began with a phishing email sent to an employee. The email enabled a virus to download to the hospital’s computer network, which provided cyber criminals with unauthorised access.

Once inside the network, the cyber criminals spread their virus across the computer network. This led to the ransomware encryption of some servers. These servers controlled important clinical, medical and corporate systems.

This situation could have been far worse if it were not for the swift actions of staff. The actions taken by staff were effective at containing the spread of ransomware to just a portion of the hospital’s computer network.

The form of ransomware that we identified is synonymous with financially-motivated cybercrime groups. These groups typically operate from overseas. Although we did not receive any specific ransom demands, our position remains firm - we will not pay a cent to these cyber criminals.

This incident provides a useful reminder about the importance of cyber security. Despite the many protections put in place by the hospitals to protect their computer networks, cyber criminals worked hard to get inside. Cyber security is a business risk that all organisations must act on.

And for individuals, it is important to acknowledge that you are a key target for cyber criminals. Cyber criminals want access to your money and information. They will use a variety of tricks to get you to hand it over.

As we enter International Cyber Security Awareness Month, we encourage all Victorians to stay cyber safe. Victorians can boost their cyber security by learning how to spot phishing emails, creating strong and unique passwords, and turning on two-factor authentication on their accounts.

Visit Stay Smart Online or for more information.

We all play a role in keeping Victoria cyber safe.

Reviewed 11 October 2019

Was this page helpful?