This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Victorian Public Hospitals

Summary

Multiple Victorian public hospitals suffered a coordinated ransomware attack in October 2019 that forced the cancellation of elective surgeries and raised serious concerns about patient data security. The attack affected hospital IT systems across Victoria, disrupting clinical operations and forcing healthcare workers to revert to manual paper-based processes. While classified as Severe due to targeting critical healthcare infrastructure and the potential exposure of sensitive patient medical records, the exact number of affected patients and extent of data compromise was not publicly disclosed.

What Happened

Ransomware. Cybercriminals launched a coordinated ransomware attack targeting IT systems across multiple Victorian public hospitals. The malware encrypted hospital systems and potentially exfiltrated patient data before locking files. The attack forced hospitals to shut down affected systems and implement emergency protocols. Clinical staff were forced to use paper records while IT teams worked to isolate infected systems and prevent the ransomware from spreading further across hospital networks. The timing and coordination of the attack across multiple facilities suggested a sophisticated, targeted campaign against Victorian health infrastructure.

Impact on Individuals

  • Surgery Cancellations: Elective surgeries were postponed, affecting patients' treatment schedules and causing anxiety
  • Patient Data at Risk: Medical records, test results, treatment histories, and personal information potentially compromised
  • Service Disruption: Delays in accessing patient records, test results, and clinical systems
  • Privacy Concerns: Uncertainty about whether sensitive health information was stolen before systems were encrypted
  • Ongoing Vulnerability: Fear of patient data being sold, leaked, or used for fraud

The attack highlighted the vulnerability of critical healthcare infrastructure to cyber threats and the potentially life-threatening consequences of disrupting hospital systems.

Response

Victorian hospitals immediately activated incident response protocols, isolating affected systems and bringing in cybersecurity experts to assess the damage and contain the attack. IT teams worked around the clock to restore systems from backups while clinical staff maintained essential services using paper records. The Victorian Government and health authorities launched an investigation into the breach and its impact on patient data. Hospitals notified potentially affected patients and implemented enhanced security measures to prevent future attacks. The incident prompted wider discussions about cybersecurity funding and preparedness across Australia's public health system, with calls for increased investment in hospital IT infrastructure and security capabilities. +++

Verification Source: View original statement