Computer networks at regional Victorian hospitals are in lockdown after a cyber attack, delaying surgeries and outpatient care.
Hospitals that are a part of the Gippsland Health Alliance and South West Alliance of Rural Health have been impacted.
“There will be some disruption to outpatient appointments, there’ll be some disruption for non-urgent care, so elective surgery,” Premier Daniel Andrews told reporters on Tuesday.
Emergency procedures will not be affected, he noted.
Victoria Police, along with state and federal cyber security authorities are investigating after the alarm was raised on Monday.
The state government was warned in an auditor general reporter released in May that cyber security at Victorian hospitals needed improvement.
Mr Andrews told reporters the system “is much stronger than it’s ever been” however “you can build a fortress, but if people are prepared to put the planning into it, there are still ways to get in”.
A “number” of servers across the state were hit by the latest attack with the extent still being determined.
The government said “at this time there is no suggestion that personal patient information has been accessed”.
It could take days, if not weeks, to fix.
Hospitals have disconnected a number of systems, such as the internet, in response to the attack.
Patient scheduling will be completed manually where possible and otherwise delayed.
David Cullen, principal advisor to the Department of Premier and Cabinet on cyber incidents and emergency management said the hacker is being pursued.
“We are certain that we have kicked the criminals out of our system and that we have eliminated all ransomware,” he told 3AW.
“These are people who take their time to surveil our networks to understand how to compromise our networks and despite the myriad of controls that we put in place to protect our system on this occasion they have managed to break in.”
Since launching 14 months ago, the Victorian Government Cyber Incident Response Service has responded to more than 600 cyber-attacks on Victorian Government organisations.
University of Melbourne privacy and cyber security expert Suelette Dreyfus said hospitals across the world, including in the UK and Singapore, had been targeted by ransomware attacks because of the valuable information they hold.
She said government at all levels needed to warn institutions and the private sector of potential risks.
“There’s certainly entities between the states and federal bodies that should be providing advice and support to the cyber security people within government departments, hospitals and the private sector,” Dr Dreyfus said.