Ransomware attack on Vic hospitals exposes vulnerabilities

The recent ransomware attack on several major regional hospitals in Victoria and the security breach on a New Zealand health organisation serve as timely and critical reminders of the fragmentation of health services in rural areas across the region and the vulnerabilities within these networks that can be exploited.

Widespread disruption ensued on 30 September, as hospitals within the Gippsland Health Alliance and South West Alliance of Rural Health (SWARH) networks were forced to isolate and disconnect their systems to quarantine a ransomware infection. Many of the affected hospitals remained offline until well into October.

In August, a primary health organisation that provides essential healthcare across New Zealand revealed a huge security breach, which could potentially have exposed medical data pertaining to around one million people. Tū Ora Compass Health had its website defaced and notified authorities of a cyber attack on 5 August.

Health service providers top the list of sectors that reported the most data breaches in the OAIC’s latest Notifiable Data Breaches quarterly report — and the frequency of these attacks are only set to increase as the threat landscape continues to evolve.

Patient continuity is the biggest issue for Australia’s health services network. Regional health services teams are doing the best they can with disparate tech and are spending a huge amount of time, energy and resources reacting to these types of incidents — which is taking away from their primary focus of patient care.

The ransomware attack on Victorian hospitals delayed surgeries and led to the shutdown of patient records, booking and management systems. Hospitals had to revert to manual processes and workarounds to maintain their services.

The Gippsland Health Alliance and SWARH networks are small, widely dispersed and under significant pressure due to disparate, siloed tech repositories. The attackers very carefully targeted them for exactly this reason.

So how do we help these smaller providers become more resilient?

First and foremost, there need to be clear directives from governments in line with their policies on paying ransomware to unlock constituent data. This is essential, because when an incident of this scale affects a regional facility team or a local council that lacks the cyber qualifications to deal with it appropriately, they will look to the government as the first port of call for advice and support.

Secondly, to mitigate external threats associated with IT and cyber attacks, and keep their focus on patient care, health networks in remote areas should be outsourcing their IT to managed service providers (MSPs) that specialise in data protection and IT system security optimisation, and who have a sound understanding and expertise in the complex, fluid security landscape. MSPs deliver ongoing monitoring and management of applications and infrastructure remotely, and take a proactive approach to their customers’ IT so they can prevent most tech issues before they happen.

The sheer scale of one of the alliances affected illustrates the enormity of the task in protecting these rural health networks from such cyber attacks. The SWARH’s alliance of public health agencies covers an area of approximately 60,000 m², connecting all public acute hospitals and associated health services in a region extending from west of Melbourne to the South Australian border.

As it’s a constant challenge for the government to bring vital health services to the people that need them, the SWARH is small and disparate by design.

This creates something of a perfect storm between the critical nature of patient information and data and the smaller outpost locations, making them an unfortunate target, given that they typically have less robust cybersecurity in place than major hospitals. The real key is how these organisations can find the same level of protection as their city counterparts.

Increasingly sophisticated cybercriminals are targeting industries that they know retain sensitive information and value their data and systems, like health care. It’s no longer a scattergun effect but rather earmarked attacks by specialist hackers.

Datto’s latest Global State of the Channel Ransomware Report shows that in Australia and New Zealand, 91% of MSPs have reported attacks against small to medium businesses in the last two years — the highest rate globally.

The report also finds that ransomware remains the most prominent malware threat, and traditional cybersecurity solutions including antivirus and email/spam filters (which are all that many regional hospitals are using) are no match for modern ransomware.

People’s lives depend on healthcare providers’ ability to access important patient data — including diagnoses, treatment plans and medical history. The uninterrupted, efficient delivery of appropriate care to those who need it is only possible with a proactive data backup and recovery strategy that ensures patient-critical data is always protected securely and can be restored quickly.

As has become obvious, entire healthcare organisations are at risk of falling victim to ransomware — and a coordinated approach is imperative to address this threat. State governments must ensure provisions are in place to better protect our regional healthcare facilities against future attacks, and facilities themselves must consider proactively outsourcing their cyber protection and backup operations so they can continue to focus on patient care.

*James Bergl is Regional Director APAC at Datto. Datto offers business continuity and disaster recovery, networking, business management, and file backup and sync solutions to half a million businesses worldwide.

Image caption: ©stock.adobe.com/au/weerapat 1003