A few days ago information security specialists reported that computer systems in multiple hospitals in the Gippsland and Victoria regions, Australia, were shut down after suffering a severe ransomware infection. This incident has already begun to have a negative impact on patients treated at the affected facilities.
Bianca Brant is the mother of a 12-year-old boy
with cerebral palsy who is being treated at one of the affected hospitals and
mentions that her son was about to not receiving a surgery because the hospital
staff were unable to access the child’s medical records; “They had to look
for my contact details among piles of papers,” Brant says.
The woman mentions that her son, Tom, had to
undergo surgery at Geelong University Hospital on Thursday morning (Australia
time), but things got complicated because the staff is improvising many of their
activities due to the inability to access their IT systems. “I couldn’t
confirm Tom’s appointment from the house, we had to show up at the
hospital,” adds the patient’s mother.
Australian authorities are investigating the
incident in conjunction with an information security firm. The ransomware
attack spread to various hospitals in the Australian regions of Warrnambool,
Warragul, Sale, Geelong, Colac and Bairnsdale.
Hospital visits have been a constant for the
Brant family since Tom’s birth and, while the mother claims that the child
receives all the necessary care and treatment at Melbourne Children’s Hospital,
she also adds that the resources available in the regional hospitals sometimes are
not enough. This situation has been aggravated by the ransomware infection.
On the other hand, Daniel Andrews, Premier of
Australia, says the crisis in affected hospitals does not reflect a lack of
public health budgets. “The funds these hospitals receive are bigger than
ever, this applies to all medical centers in the State,” Andrews says. The
Premier also states that the Australian government spares no resources for
information security, so it does not attribute ransomware attacks to a poor
computer infrastructure.
This surge of infections occurred simultaneously with a series of encryption malware attacks on at least a dozen hospitals in Alabama, US. Although a link between the two incidents has not yet been demonstrated, the cybersecurity community fears that both attacks have been commanded by a single group of cybercriminals, suggesting a wide availability of resources and great planning capacity.
Ransomware attacks targeting hospitals and
critical government infrastructure have increased rapidly over the past few months.
On the subject, information security specialists at the International Institute
of Cyber Security (IICS) mention that no system is completely safe from a
cyberattack; as complex as a system may be, security risks always exist,
whether due to implementation or configuration errors or due to human factor
oversights, hackers are always waiting to exploit an attack vector.
