Hospital hacking ‘preventable’

VULNERABLE: A cyber attack hit Geelong's hospital this week. Picture: Rebecca Hosking 194318_03

by Luke Voogt

Geelong health services received no extra money to prevent this week’s cyber attack despite Victoria’s Auditor General warning of risks to patient data in May.

Barwon Health chief executive officer Frances Diver made the admission during a heated 3AW interview on Wednesday.

Presenter Neil Mitchell’s repeated rephrasing of his question revealed State Government had invested no extra money “specifically” to prevent cyber attacks at Barwon Health.

Instead Ms Diver eventually admitted Barwon Health “found money within our existing budget” for cyber security measures.

The interview followed hackers targetting Barwon Health on Monday afternoon, forcing Geelong medical centres to shut down IT systems and denying staff email access.

Geelong medical staff used paper-based systems to collect patient data and had to phone patients to cancel appointments following the ransomware attack on multiple Victorian health services.

Department of Health and Human Services (DHHS) had invested additional resources in cyber security, Ms Diver said.

Cyber security was a “joint responsibility” of the department and local health providers, she said.

“We don’t get funded on a specific project line for every initiative we do.”

The attack could take days or up to two weeks to resolve, she said.

“We have some serious experts here from all levels of government and external experts working on this. There’s a meeting room full of IT types.”

Barwon Health had yet to provide an update on the crisis when the Indy went to press yesterday afternoon.

Ms Diver said staff pay went through on time, despite multiple sources telling the Indy the cyber attack delayed it, causing financial stress to families.

A spouse of a Barwon Health worker, who wished not to be named, told the Indy their partner’s pay arrived more than a day late.

Their partner’s workmates reported similar delays for “hundreds” of employees, they said.

“They were saying it was affecting a lot of people and they were all having trouble with their pay coming through.”

Shadow health minister Georgie Crozier pounced on the 3AW interview, accusing the Andrews Labor Government of forcing hospitals to cut services to fund cyber security.

She cited the Victorian Auditor General’s “scathing” report in May warning the public health system was highly-vulnerable to cyber attacks.

State Government had given no extra money to hospitals in its “band aid” approach despite “grim warnings that an attack was imminent”, Ms Crozier said.

But Health Minister Jenny Mikakos hit back at Ms Crozier’s “political point-scoring” over the cyber security incident

“It’s desperate, grubby and everything we’ve come to expect from the Liberals when it comes to health,” she said,

“We need to be extra vigilant when it comes to the dangers posed by cyber criminals, which is why we’ve invested heavily in this area.

“We’re not going to be lectured to by the Liberals, whose record on health is one of cuts, closures and privatisations.” According to government Victorian health services have received an additional $46 million to upgrade computers and strengthen cyber security.

The government established a cyber security program at DHHS in 2016 to support Victorian health services.