Eastern Health reports ‘cyber incident’, takes systems offline

Australian healthcare provider Eastern Health has taken its IT systems offline in response to a cyber incident earlier this week.

The healthcare group, which operates several hospitals in east Melbourne, said the measure was taken as a precaution while it sought to understand and rectify the situation.

It assured the public that patient safety had not been compromised and that urgent elective surgeries would continue as planned.

However, the incident has affected its ability to undertake less urgent medical procedures, which will be postponed to a later date. 

“We apologise for the inconvenience this may cause. We thank our staff, patients and their families for patience during this situation and we will keep them informed,” it said in a statement.

Australia’s healthcare industry has been susceptible to cyber attacks amid the Covid-19 pandemic. In 2020, the Australian Cyber Security Centre received 166 cyber security incident reports relating to the health sector, an increase from the 90 reported incidents affecting the health sector in 2019.

“Hospitals are a very attractive target for cyber criminals due to the nature of the information they hold on their patients,” said Jacqueline Jayne, security awareness advocate at KnowBe4 Asia-Pacific. “Information that, once obtained, can be used for identity theft and sold multiple times on the dark web. This is not only health-related data, as the addition of personally identifiable information is also there for the taking.

“Once illegal access has been obtained into a hospital, there is also information available on employees, vendors and general business information, which provides even more reason for cyber criminals to target this sector,” she added.

While it was unclear what type of cyber incident had occurred, Jayne said it was likely to be ransomware that entered a computer as a result of a threat actor entrapping or manipulating people into taking action.

The rise of ransomware has been fuelled by the emergence of ransomware-as-a-service (RaaS), which makes attack toolkits easily available to cyber criminals.

But for healthcare organisations, understanding the evolving threat landscape is half the battle.

Rick McElroy, principal cyber security strategist at VMware Carbon Black, called for organisations to stay one step ahead of attackers by deploying next-generation antivirus, endpoint protection and IT tracking tools.