The Victorian government is investigating the scale of a ransomware attack by “sophisticated cyber criminals” on some of the state’s major regional hospitals that has forced healthcare providers to go offline.

Hospitals in the Gippsland Health Alliance, in the state’s east, and South West Alliance of Rural Health were affected by the attack.

The groups include operators of hospitals in Warrnambool, Colac, Geelong, Warragul, Sale, and Bairnsdale, as well as a host of services in smaller towns.

“The cyber incident, which was uncovered on Monday, has blocked access to several systems by the infiltration of ransomware, including financial management,” a Department of Premier and Cabinet spokesperson said.

The department said there was no suggestion that personal patient information had been accessed.

Cyber experts called in to secure system

Premier Daniel Andrews said it was “very much a criminal attack” where “a lot of thought” had gone into targeting the hospitals.

“There will be days, up to weeks’ worth of work that will have to be done to secure that network,” he said.

The government said it was working with Victoria Police to manage the incident and experts from the Australian Cyber Security Centre would arrive from Canberra to help secure the system.

The department spokesperson said a “number of servers” across Victoria were affected. Investigations were still underway to determine the full extent of the attack.

“Hospitals have isolated and disconnected a number of systems such as internet to quarantine the infection,” the spokesperson said.

David Cullen, the principal adviser to the state government on cyber incidents, said hospitals were dealing with “sophisticated cyber criminals”.

“[They] have managed to bypass the various protections and controls we have put in place on our computer networks to install ransomware, which is a form of virus, on to these computer networks,” he told ABC Radio Melbourne.

He did not believe patient data had been compromised but said further investigation would be necessary.

“We are undertaking a very detailed, very thorough forensic investigation,” he said.

Mr Cullen said the hackers were likely motivated by financial gain but said no demands for money had been made to hospitals.

“It is usually money that cyber criminals are looking for when they deploy ransomware,” he said.

“We haven’t yet been met with any specific ransom demands.”

⚠️ Barwon Health has experienced a cyber security incident. Patients in Barwon Health facilities are continuing to receive care as usual. Some elective surgery & appointments have been cancelled. View our media statement: https://t.co/3sjzYZN0jM

— Barwon Health (@BarwonHealth) October 1, 2019

Surgeries and appointments cancelled

The department said the isolation had led to the shutdown of “some patient record, booking and management systems” and some hospitals had reverted to “manual systems” to maintain services.

“The affected hospitals are now working on their bookings and scheduling to minimise impact on patients, but may need to reschedule some services where they don’t have computer access to patient histories, charts, images and other information.”

Barwon Health, which services Geelong and the surrounding area, confirmed it had “experienced a cyber security incident” with its IT system.

The healthcare provider admitted more than 86,000 patients in the 2017-2018 financial year.

In a tweet, Barwon Health said “some elective surgery and appointments” had been cancelled.

“We expect there to be some impact on patient services throughout the day. The University Hospital Emergency Department is continuing to treat patients as they arrive,” it said in a statement.

Mr Andrews said there would be no impact on emergency care at the facilities.

“We’re not diminishing the impact but it’s one part of the health system, not the entire health system,” he said.

The department said since it had launched the Victorian Cyber Incident Response Service in July 2018, they had responded to more than 600 cyber attacks on Victorian government organisations.

Cybersecurity experts have previously warned healthcare data is a growing target for hackers.

In 2017, the ‘WannaCry’ ransomware attack caused chaos around the world – including for the UK’s National Health System.

In February, it was revealed a ransomware attack had targeted a Melbourne cardiology practice.

The state’s Auditor-General warned in a report released in May that Victorian patient health data was “highly vulnerable” to attack.

The report said auditors used “basic hacking tools” to access sensitive patient data at three major Victorian hospitals to show the “significant and present risk” to data security.